From a8f10ab2a46e802bee8973ec562249cd755954e4 Mon Sep 17 00:00:00 2001 From: Shain Singh Date: Mon, 24 Jul 2023 22:30:05 +1000 Subject: [PATCH] merge develop (#24) * create initial CHARTER.md * modified contributing.md (#23) 'mirror' contributing page from wiki --- CHARTER.md | 45 ++++++++++++++++++++++++++++++ CONTRIBUTING.md | 74 +++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 113 insertions(+), 6 deletions(-) create mode 100644 CHARTER.md diff --git a/CHARTER.md b/CHARTER.md new file mode 100644 index 0000000..f2d76ad --- /dev/null +++ b/CHARTER.md @@ -0,0 +1,45 @@ +# OWASP Project MLSec Top 10 - Working Group Charter + +## Purpose + +The primary aim of of the OWASP Machine Learning Security Top 10 project +is to deliver a standard awareness document for developers and application +security practitioners. As such, a major goal of this project is to develop +a high quality deliverable, reviewed by industry peers. + +## Target Audience + +The primary audience for the deliverables in this project are developers, +machine learning engineering and operational practitioners, and +application security experts. While each of these roles +build, operate and secure machine learning systems, the content is not +aimed to be exclusively at them. The content will aim to specify where +appropriate the level of understanding required for specific technology +domains. + +## Scope + +This project will provide an awareness document that lists the risks +associated with machine learning systems. Due to the rapid adoption +of machine learning systems, there are related projects within +OWASP and other organisations, that may have narrower or broader +scope than this project. As an example, while adversarial attacks +is a category of threats, this project will also cover +non-adversarial scenarios, such as security hygiene of +machine learning operational and engineering workflows. + +## Governance + +The project will: + +- Adhere to the OWASP [Project Policy](https://owasp.org/www-policy/operational/projects.html) + +Project Leaders will: + +- Follow and adhere to all OWASP Foundation [policies and procedures](https://owasp.org/www-policy/) +- Lead the project as per the [Project Leader Handbook](https://owasp.org/www-pdf-archive/PROJECT_LEADER-HANDBOOK_2014.pdf) +- + +Project Contributors will: + +- Follow and adhere to the [code of conduct](/CODE_OF_CONDUCT.md) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 05c12f3..46f6454 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,11 +1,73 @@ -# Contributing +# Contribution Guidelines -We encourage anyone to contribute issues, feedback and so on via logging an issue. +Thank you for your interest in contributing to the OWASP Machine Learning +Security Top 10! We are thrilled that you are interested in improving the +quality of our project. By following these guidelines, you can help us maintain +a welcoming and collaborative community for everyone. -## Forking +## Code of Conduct -You are more than welcome to fork the OWASP Machine Learning Security Top 10, but please abide by the Creative Commons BY-SA 4.0 license. +Before you start contributing, please read and abide by our +[Code of Conduct](https://github.com/OWASP/www-project-machine-learning-security-top-10/blob/master/CODE_OF_CONDUCT.md). +We expect all contributors to treat each other with respect and create a +positive and inclusive environment. -## Pull requests +## Ways to Contribute -We welcome pull requests for fixes. +There are several ways you can contribute to our project: + +### Participate in Discussions + +Our project uses several forms of communication to allow contributors to choose +their preference: + +- [Google Group](https://groups.google.com/u/1/a/owasp.org/g/project-machine-learning-security-top-ten) +- [Join the OWASP Slack group](https://owasp.org/slack/invite) and the + [#project-mlsec-top-10 channel](https://owasp.slack.com/archives/C04PESBUWRZ) +- [Github Discussions](https://github.com/OWASP/www-project-machine-learning-security-top-10/discussions) + +Contributors are encouraged to introduce themselves, and ask questions in the +discussion groups. + +### Reporting Document and Website Issues + +Issues with documentation and the project website can be reported using the +[following form](https://github.com/OWASP/www-project-machine-learning-security-top-10/issues/new?assignees=shsingh&labels=issues/general,issues/triage&projects=&template=feedback-report.yaml&title=[FEEDBACK]:+) +and choosing either "Documentation Issue Report" or "Website Issue Report" from +the 'Type' dropdown category. + +### Suggestions for Enhancements + +If you have a idea or suggestion for an enhancement, feel free to use the +[enhancement request form](https://github.com/OWASP/www-project-machine-learning-security-top-10/issues/new?assignees=shsingh&labels=issues/general,issues/triage&projects=&template=feedback-report.yaml&title=[FEEDBACK]:+) +and choosing "Suggestion for Improvement" from the 'Type' dropdown category. + +## Github Information + +### Pull Requests + +We welcome code contributions! If you want to fix an issue or suggestion a new +enhancement, we ask that you follow these steps: + +- Ensure you have configured Github + [with your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key) + and have verified you are + [signing your Git commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) +- Fork the repository to your GitHub account. + - You are more than welcome to fork the OWASP Machine Learning Security Top + 10, but please abide by the Creative Commons BY-SA 4.0 license. +- Create a new branch for your fix or enhancement off the 'develop' branch. +- Make your changes and sign your commit with a concise title and descriptive + comment. +- Push your changes to your repository's fork. +- Submit a pull request (PR) to our repository's 'develop' branch. + +### Commit Messages + +Write clear and concise commit messages that describe the changes made in the +commit. + +### Code Review + +Be open to feedback during the code review process. Address the feedback +promptly and make necessary changes if requested.