Merge pull request #236 from syncfusion/UpdatePolicy

Security policy and code of conduct updated

Author: PaulAndersonS

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,71 @@
+# Syncfusion Code of Conduct and Corporate Ethics Policy
+
+## 1. Purpose
+
+Syncfusion is committed to responsible corporate citizenship. Our commitment to integrity begins with following all local, state, and federal laws and regulations.
+
+Employment at Syncfusion is based exclusively on individual merit and qualifications. The company prohibits discrimination on the basis of race, color, religion, veteran status, national origin, ancestry, pregnancy status, sex, gender identity or expression, age, marital status, mental or physical disability, medical condition, sexual orientation, or any other characteristic protected by law.
+
+Syncfusion will not tolerate discrimination, harassment, or bullying in any form and will not retaliate against any employee who reports or participates in an investigation of such behavior.
+
+## 2. Standards
+
+Syncfusion complies with all laws relating to minimum wage and overtime payments. Employees must record their time accurately in accordance with the company’s established procedures.
+
+The company adheres to all laws prohibiting child labor, slave labor, and other illegal workplace practices.
+
+Syncfusion believes that acting ethically and responsibly is not just the right thing to do—it is also good for business and crucial for our continued success. We are dedicated to full compliance with all applicable laws and to maintaining high ethical standards in all business transactions.
+
+## 3. Commitment to Ethics
+
+Syncfusion is committed to protecting employees, customers, partners, vendors, and the company from illegal or damaging actions by individuals, knowingly or unknowingly. This policy establishes behavioral and ethical standards for Syncfusion’s employees, vendors, and the company.
+
+This policy also aligns with the community standards of open-source initiatives maintained by Syncfusion, including the Syncfusion .NET MAUI Toolkit.
+
+### 3.1 Executive Commitment to Ethics
+
+Executives must:
+- Maintain an open-door policy and welcome suggestions or concerns.
+- Disclose any conflicts of interest regarding their position within Syncfusion.
+
+### 3.2 Employee Commitment to Ethics
+
+Syncfusion employees shall:
+- Treat everyone fairly and respectfully.
+- Promote a team environment and avoid unethical or compromising practices.
+- Abide by Syncfusion’s mission, values, and policies.
+- Avoid dishonesty, fraud, or misrepresentation.
+- Comply with all legal regulations and standards of equity.
+- Respect diversity and differences in people.
+- Refrain from profanity, abuse, or violence.
+- Maintain confidentiality during and after employment.
+- Respect and abide by management decisions.
+- Avoid public criticism that could harm Syncfusion’s reputation.
+
+### 3.3 Maintaining Ethical Practices
+
+Every employee must:
+- Support ethical behavior consistently.
+- Notify supervisors of any actual or potential conflicts of interest.
+- Avoid prohibited activities, including:
+  - Using their position for personal or family gain.
+  - Accepting or offering gifts or preferential treatment.
+  - Misusing Syncfusion’s assets or resources.
+
+### 3.4 Unethical Behavior
+
+Unethical or illegal practices are strictly prohibited, including:
+- Corruption, bribery, or misuse of proprietary information.
+- Unauthorized use of company assets or confidential relationships.
+- Abuse of employment benefits.
+
+All violations must be reported to: **[email protected]**
+
+## 4. Open Source Contribution Ethics – MAUI Toolkit
+
+Syncfusion maintains high ethical and community standards for its open-source projects. Contributors and users of the Syncfusion .NET MAUI Toolkit are expected to adhere to its [Code of Conduct](https://github.com/syncfusion/maui-toolkit) harassment-free collaboration environment.
+
+Anyone participating in the open-source community representing Syncfusion should:
+- Follow the same integrity and professionalism expected of internal employees.
+- Avoid discriminatory or abusive behavior in any form.
+- Promote transparency and respect among all contributors, users, and maintainers.

.github/SECURITY.md

@@ -0,0 +1,33 @@
+# Security Policy
+
+## 1. Purpose
+
+We prioritize our project’s security and encourage the community to responsibly report any vulnerabilities.
+
+## 2. Reporting a Vulnerability
+
+We take the security of our Syncfusion .NET MAUI Toolkit project very seriously. If you discover a security vulnerability, please report it responsibly using the steps outlined below.
+
+### 2.1 How to Report
+
+#### 2.1.1 Contact us privately:
+- Please email us at **[email protected]** with a detailed report of the vulnerability.
+- Wait until we verify that the problem has been fixed before making the announcement in public.
+
+#### 2.1.2 Provide details:
+- Provide instructions on how to replicate the vulnerability.
+- Share any possible impact or exploitation scenarios.
+
+#### 2.1.3 Expect a response:
+- We will acknowledge receipt of your report within **2 business days**.
+- You will receive updates on the progress as we investigate and resolve the issue.
+
+## 3. Security Patch Process
+
+### 3.1 After a vulnerability is reported and verified:
+- We will assess its severity and impact.
+- A fix will be developed and tested internally.
+
+The resolution will be included in the next available release. If necessary, a security patch will be issued immediately.
+
+Affected users will be notified in the GitHub repository's **Releases** page and other relevant channels.