chaoss / wg-data-science

CHAOSS Data Science Working Group: collaborate and improve open source project health using data science-based approaches
MIT License

[Practitioner Guide]: Security #22

Open geekygirldawn opened 5 months ago

geekygirldawn commented 5 months ago

Practitioner Guide Topic (1 - 3 words)

Security

Primary Metrics (2 - 4 metrics)

Why is this topic important? How will this help people improve their open source project and / or community? Who will benefit from this guide?

Security is an important concern for all technology projects, including open source ones. It's important to regularly assess the security of the projects we are working on to improve the security of our projects, but it's also important for the people who are using or considering using a project to assess the viability of that project from a security perspective.

How would you like to see this guide developed?

I am interested in using this guide, but I do not want to write it myself.

Additional Notes

Here is the doc where this guide will be developed: https://docs.google.com/document/d/1ZcUHO6-HycOQtIj6_vPgSb0ageYdmYuGetlRESnF9BE/edit

For an example of a nearly finished Insight Guide that you can use to better understand what should be in each section and how much detail to include, please see the Responsiveness guide.

sduenas commented 5 months ago

Security is a wide concept. Should the name of the insight guide specify what parts of security it will address? Or is the idea to start with something generic and later break down the guide into several ones?

geekygirldawn commented 5 months ago

The idea behind the Insight Guides (at least for right now) is to help people get started with metrics. We know that people are overwhelmed; they don't know where to start; and they don't know what to do with the output of the metrics when they have them. For security, we want to put together something that helps them start to understand how to assess security for a project from a general standpoint with the idea that they will hopefully be able to take it to the next step and expand beyond what we have to explore other security topics. My concern is that if we make the guides too detailed or too complicated by trying to address all possible security topics, people might become overwhelmed by the guides as well :)

sduenas commented 5 months ago

Got it. I totally agree with you on the purpose of this guide. If you can find a better name for the guide, I think it will help people better understand its purpose and domain, but for now, that can be enough :)