Update README.md

kwwall · web-flow · commit d13a4a99fe57 · 2017-12-15T16:48:54.000-05:00
Change Chris Schmidt reference to Matt Seil.
Add reference to 'FirstBug' under the contributing section.
diff --git a/README.md b/README.md
@@ -27,6 +27,8 @@ https://github.com/ESAPI/esapi-java
 ## How can I contribute or help with fix bugs?
 Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
 
+If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'FirstBug'. (E.g., https://github.com/ESAPI/esapi-java-legacy/labels/FirstBug)
+
 ### What happened to Google code?
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.
 
@@ -39,7 +41,7 @@ When reporting an issue, please be clear and try to ensure that the ESAPI develo
 If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
 
 ### Find a Vulnerability?
-If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Chris Schmidt (chris.schmidt at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
+If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
 
 ## Where to Find More Information on ESAPI
 
