Security chapter added and minor formatting issues fixed

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>
Dominic Schabel
2021-02-23 11:00:18 +01:00
parent f7494da0b8
commit 3cf1b18549


@@ -1,4 +1,4 @@
# Contributing to eclipse hawkBit
# Contributing to Eclipse hawkBit
:+1: First off, thanks for taking the time to contribute! We really appreciate this. :+1:
@@ -32,22 +32,23 @@ So we kindly ask contributors:
* use utility functions in general based in the following priority:
* use utility functions from JDK if feasible
* use Spring utility classes if feasible
* use [guava](https://github.com/google/guava) if feasible
* use [Guava](https://github.com/google/guava) if feasible
* use [Apache commons lang](https://commons.apache.org/proper/commons-lang/) if feasible
Note that the guava project for instance often documents where they think that JDK is having a similar functionality (e.g. their thoughts on [Throwables.propagate](https://github.com/google/guava/wiki/Why-we-deprecated-Throwables.propagate)).
Examples:
* Prefer `Arrays.asList(...)` from JDK over guava's `Lists.newArrayList(...)`
* Prefer `StringUtils` from Spring over guava's `Strings` Apache's `StringUtils`
* Prefer `Arrays.asList(...)` from JDK over Guava's `Lists.newArrayList(...)`
* Prefer `StringUtils` from Spring over Guava's `Strings` and Apache's `StringUtils`
### Test documentation
Please documented the test cases that you contribute by means of [Allure](https://docs.qameta.io/allure/) annotations and proper test method naming.
All test classes are documented with [Allure's](https://docs.qameta.io/allure/#_behaviours_mapping) **@Feature** and **@Story** annotations in the following format:
```
```java
@Feature("TEST_TYPE - HAWKBIT_COMPONENT")
@Story("Test class description")
```
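Review bot: the unchanged context line "Note that the guava project for instance often documents ..." still spells "guava" in lowercase, which is inconsistent with the "Guava" capitalization this hunk applies to the list items and examples around it; since this is a formatting cleanup, change it here as well. The context line under "Test documentation", "Please documented the test cases", should read "Please document" and could be fixed in the same pass.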
@@ -87,19 +88,21 @@ additionally have an Eclipse Foundation account and must have a signed Eclipse
Contributor Agreement (ECA) on file.
For more information, please see the Eclipse Committer Handbook:
https://www.eclipse.org/projects/handbook/#resources-commit
[https://www.eclipse.org/projects/handbook/#resources-commit](https://www.eclipse.org/projects/handbook/#resources-commit)
HowTo "Sign-off" your commits:
You do this by adding the `-s` flag when you make the commit(s), e.g.
git commit -s -m "Shave the yak some more"
```bash
git commit -s -m "Shave the yak some more"
```
### License Header
Please make sure newly created files contain a proper license header like this:
```
```java
/**
* Copyright (c) <year> <author> and others.
*
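Review bot: the replacement for the Committer Handbook reference repeats the URL as both link text and link target, so the two copies can drift apart on a later edit. A Markdown autolink, `<https://www.eclipse.org/projects/handbook/#resources-commit>`, renders the same clickable URL with a single copy, or the link text could be descriptive, for example "Eclipse Committer Handbook".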
@@ -131,6 +134,11 @@ Submit a pull request via the normal GitHub UI (desktop or web).
* Do not use your branch for any other development, otherwise further changes that you make will be visible in the PR.
## Reporting a security vulnerability
If you find a vulnerability, **DO NOT** disclose it in the public immediately! Instead, give us the possibility to fix it beforehand.
So please dont report your finding using GitHub issues and better head over to [https://eclipse.org/security](https://eclipse.org/security) and learn how to disclose a vulnerability in a safe and responsible manner
## Further information
* [Eclipse Project Page](http://projects.eclipse.org/projects/iot.hawkbit)
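Review bot: the second sentence of the new "Reporting a security vulnerability" section has a typo and no closing period: "dont" should be "don't", and the sentence ends at "responsible manner" without punctuation. The wording could also be tightened, for example "Please do not report your finding using GitHub issues. Instead, head over to ... to learn how to disclose a vulnerability in a safe and responsible manner." "disclose it in the public" reads better as "disclose it publicly". Since the section tells reporters to stay away from GitHub issues, consider also adding a SECURITY.md with the same pointer so the policy is visible from the repository's security tab and not only to readers of the contributing guide.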