We are an incubating WG is going through the initial life cycle phases to address open source software security for AIML workloads. The developing scope involves analyzing open source AIML data sets, data models and OSS code mashups used in AIML to articulate the specific security concerns and controls for the subset of OSS AIML workloads. This is important because the accelerated adoption of AIML has an OSS and security component that is not well understood, and OpenSSF can play an industry leading position.
This committee interlocks with the LF Data and AI foundation monthly to avoid effort duplication.
Roadmap goals: [high level efforts for upcoming 18 months]
- Create high two level white papers, one an executive overview and the other directed at practitioners and industry leadership positions (can work with Marketing committee for broad distribution)
- Explore a “security slam” for existing OpenSSF tooling to see how it protects/applies to OSS AIML workloads; develop OSS security patterns for use cases where OSS AIML components are integrated in the supply chain.
- Coordinate with other working groups to examine crossovers and gaps.
Note this was initially copied from OpenSSF Mission, Vision, (Values), Strategy, and Roadmap (MVSR) but may diverge as we add more detail.