Add contributor guidance (OSPS-DO-02) (#124)

Signed-off-by: Evan Anderson <[email protected]>

CONTRIBUTING.md

@@ -0,0 +1,26 @@
+# Contributing to the Security Baseline
+
+## Contributing to the Criteria:
+
+Currently, all the baseline criteria are in `baseline.yaml`; follow the structure
+[in the README](./README.md#baseline-structure) when proposing new entries.
+
+## Contributing to the Tooling:
+
+The baseline is published to https://baseline.openssf.org/ (via GitHub Pages) via
+Jekyll (a static site generator) using scripts from `./cmd` and formatting from
+`./docs`, using GitHub Actions.
+
+## PR guidelines
+
+All changes to the repository should be made via PR
+([OSPS-AC-03](https://baseline.openssf.org/#osps-ac-03)).  In addition to a clear
+title and descriptive commit message, PRs MUST meet the following criteria:
+
+* DCO signoff (via `git commit -s` -- [OSPS-LE-01](https://baseline.openssf.org/#osps-le-01))
+* All checks must pass ([OSPS-QA-04](https://baseline.openssf.org/#osps-qa-04))
+
+## Maintainer Status
+
+See [./governance/GOVERNANCE.md](./governance/GOVERNANCE.md#maintainer-status) for
+the process of achieving maintainer status on the project.

README.md

@@ -37,7 +37,7 @@ Each entry has the following values:
 
 ## Contribution, Governance, & Security
 
-Contributions are always welcome via pull request or GitHub Discussions. Refer to the governance documentation for information about [how the project operates] and [how to report security-related issues].
+Contributions are always welcome via pull request or as issues, and can also be discussed on the [`#sig-security-baseline` channel on OpenSSF Slack](https://openssf.slack.com/archives/C07DC6TT2QY). Refer to the governance documentation for information about [how the project operates] and [how to report security-related issues].
 
 ### Antitrust Policy Notice