Add CONTRIBUTING.md

CONTRIBUTING.md

@@ -0,0 +1,41 @@
+# CONTRIBUTING
+
+> **To submit code, patches, and proposals to Zend Framework, contributors must
+agree to the New BSD License and also submit a signed
+[Contributor License Agreement (CLA)](https://github.com/zendframework/zf1/wiki/Contributor-License-Agreement-%28CLA%29).**
+
+## RESOURCES
+
+If you wish to contribute to Zend Framework, please be sure to
+read/subscribe to the following resources:
+
+ -  Coding Standards:
+    http://framework.zend.com/manual/1.12/en/coding-standard.html
+ -  ZF Git Guide:
+    [README-GIT.md](README-GIT.md)
+ -  Contributor's Guide:
+    http://framework.zend.com/participate/contributor-guide-v1
+ -  ZF Contributor's mailing list:
+    Archives: http://zend-framework-community.634137.n4.nabble.com/ZF-Contributor-f680267.html
+    Subscribe: zf-contributors-subscribe@lists.zend.com
+ -  ZF Contributor's IRC channel:
+    #zftalk.dev on Freenode.net
+
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in Zend Framework,
+please report it to us at [zf-security@zend.com](mailto:zf-security@zend.com).
+We will work with you to verify the vulnerability and patch it.
+
+When reporting issues, please provide the following information:
+
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the project
+contributors a chance to resolve the vulnerability and issue a new release prior
+to any public exposure; this helps protect Zend Framework users and provides
+them with a chance to upgrade and/or update in order to protect their applications.
+
+For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).