What do we want to do in 2025? #26

Open
TheFoxAtWork opened this issue Jan 6, 2025 · 2 comments
Comments

@TheFoxAtWork
Contributor

TheFoxAtWork commented Jan 6, 2025

  • Information exchange still nice to be done here
  • Building on the Model Signing project’s work.
  • from Jay - if we could iron out what security efforts look like that are developing
    • Smaller language models, “open models” being used.
    • Thinking about supply chain security efforts - how developers pull off datasets, developing and using smaller language models, developing open model systems. What are those security efforts from an openssf perspective.
    • How can this be used for other organizations? What are the open source elements those organizations can take advantage of?
    • Things have improved; we’re in a position where we can do this.
    • Best Practices, pipeline security, supply chain transparency
    • Vulnerabilities in ML - here or joint with the vuln wg
    • What is the overlap of AIML security with the other WGs in OpenSSF, and what should we be engaging with them on?

Please add your ideas here so the group can create distinct issues for items we choose to pursue.

“definition of done” is when individual issues have been created and prioritized.

Please have any additional items added here by January 19th, 2025.

@mihaimaruseac
Contributor

On the supply chain security/transparency track, I'm thinking of how we can adapt SLSA for ML. We can build on top of model signing, sign datasets, and create SLSA-aware ML training pipelines that practitioners can use with minimal changes to their workflows.
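
As an added illustration of the "sign datasets" idea in the comment above (example code written for this page, not the Model Signing project's code or manifest format; the manifest layout, function names and the sample files are constructed assumptions), the following Go program builds a digest manifest of a dataset snapshot, signs it with Ed25519 using only the standard library, and verifies a consumer's copy. Verification fails on a modified shard, on a manifest re-pointed at modified content without a valid signature, on a missing file, and on a file that was not part of the attested snapshot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest records every file in a dataset snapshot with its SHA-256 digest.
// Constructed format for this example, not the Model Signing project's layout.
type Manifest struct {
	Dataset string            `json:"dataset"`
	Files   map[string]string `json:"files"` // relative path -> hex SHA-256
}

// BuildManifest hashes each file; the dataset is passed as in-memory bytes so
// the example runs without touching disk.
func BuildManifest(name string, files map[string][]byte) Manifest {
	m := Manifest{Dataset: name, Files: make(map[string]string, len(files))}
	for path, content := range files {
		sum := sha256.Sum256(content)
		m.Files[path] = hex.EncodeToString(sum[:])
	}
	return m
}

// canonical returns a deterministic encoding of the manifest: encoding/json
// writes map keys in sorted order, so equal manifests produce identical bytes
// and therefore identical signatures.
func canonical(m Manifest) ([]byte, error) {
	return json.Marshal(m)
}

// SignManifest produces a detached Ed25519 signature over the canonical manifest.
func SignManifest(priv ed25519.PrivateKey, m Manifest) ([]byte, error) {
	msg, err := canonical(m)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

// VerifyDataset checks that the manifest is signed by the expected key and that
// every listed file is present and unmodified. Files absent from the manifest
// are rejected too, because an attested snapshot should be exact.
func VerifyDataset(pub ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) error {
	msg, err := canonical(m)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("manifest signature invalid")
	}
	for path, want := range m.Files {
		content, ok := files[path]
		if !ok {
			return fmt.Errorf("missing file %q", path)
		}
		sum := sha256.Sum256(content)
		if got := hex.EncodeToString(sum[:]); got != want {
			return fmt.Errorf("digest mismatch for %q", path)
		}
	}
	for path := range files {
		if _, ok := m.Files[path]; !ok {
			return fmt.Errorf("unexpected file %q not in manifest", path)
		}
	}
	return nil
}

// sampleDataset is a constructed stand-in for a small training set.
func sampleDataset() map[string][]byte {
	return map[string][]byte{
		"train/shard-0.jsonl": []byte(`{"text":"example one"}` + "\n"),
		"train/shard-1.jsonl": []byte(`{"text":"example two"}` + "\n"),
		"README.md":           []byte("# toy dataset (constructed)\n"),
	}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	files := sampleDataset()
	m := BuildManifest("toy-dataset-v1", files)
	sig, err := SignManifest(priv, m)
	if err != nil {
		panic(err)
	}
	fmt.Println("pristine copy:", VerifyDataset(pub, m, sig, files))

	// A shard changed after signing: the digest check reports it.
	tampered := sampleDataset()
	tampered["train/shard-1.jsonl"] = []byte(`{"text":"changed"}` + "\n")
	fmt.Println("modified shard:", VerifyDataset(pub, m, sig, tampered))

	// A manifest rebuilt over the changed content but carrying the old
	// signature fails the signature check instead.
	rebuilt := BuildManifest("toy-dataset-v1", tampered)
	fmt.Println("rebuilt manifest:", VerifyDataset(pub, rebuilt, sig, tampered))
}
```

In a SLSA-style pipeline the manifest and signature would be emitted as an attestation by the step that materialises the dataset, and the training step would run VerifyDataset before reading any shard; the key would come from a trusted identity rather than being generated in-process as it is here.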

@sevansdell

Andrey Shorov, Elif Soykan and I want to produce the following (with the rest of the WG's help if you'd all like):

  • Q1: White paper: MLSecOps. Map AIML WG outputs to MLSecOps diagram #16 (MLSecOps - Google Drive). Using the Ericsson reference architecture, show how the OWASP ML top ten are prevented, where current tools are generated/leveraged (e.g. OpenSSF tools like SLSA, Model card signing, generating an AIBOM), and where there are gaps.
  • Q2: White paper: LLMSecOps. Using a combination of the OPEA reference architecture and https://air-governance-framework.finos.org/, build out how the OWASP LLM top ten are prevented, where current tools are generated/leveraged (e.g. OpenSSF tools like SLSA, Model card signing, generating an AIBOM), and where there are gaps.
