The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
In this new version (1.2) there is no section about ML/AI risks because OpenSSF has a dedicated WG about this topic (#wg_ai_ml_security). In the future, these two WGs could work together to add a section to this document.
This PR will solve https://github.com/ossf/wg-identifying-security-threats/issues/18.
The diff doesn't work so well, so here are the new or edited sections:
Google Doc: Threats, Risks, and Mitigations in the Open Source Ecosystem v 1.2
cc @Amir-Montazery
In this new version (1.2) there is no section about ML/AI risks because OpenSSF has a dedicated WG about this topic (#wg_ai_ml_security). In the future, these two WGs could work together to add a section to this document.