
AI / ML Working Group #175

Closed
lukehinds opened this issue Jun 12, 2023 · 19 comments

@lukehinds
Contributor

The AI / ML (temp) working group is on the verge of its 5th meeting.

The group has agreed its mission statement:

To develop and share best practices and tooling to support the management of the security risk related to the consumption and production of AI/ML in open source communities. This includes securely using AI/ML in resulting software/products, using AI/ML to detect vulnerabilities, developing recommendations on how to securely develop AI/ML software and models, and using AI/ML to securely generate code and models.

The group has agreed a vision:

To understand the implications and impact of recent developments in AI/ML, especially large language models (LLMs), on the security of open source code and communities and to help the OpenSSF in leading the charge on best practices and tooling to support secure use of AI/ML by open source communities and those who use their outputs (e.g. software and models).

More details here: https://docs.google.com/document/d/1Dvg1qRXb3nMFH37n52JN6jKso324j0BS5C0QDOZ-W3g/edit#

The group has a diverse attendance from multiple vendors and many folks are willing to contribute to potential Workstreams discussed by the group.

This issue is to request a sponsor from the TAC and reserve a slot on 27th June, where we will seek approval to form an official working group (contingent upon finding a sponsor ofc).

@lehors
Contributor

lehors commented Jun 13, 2023

Hi,
The proposal doesn't say anything about other initiatives in this space already underway outside of OpenSSF and how this differs. In particular, it would be good to position this with regard to LF AI & Data which has several projects this proposal seems to overlap with, starting with the ML Security Committee: https://lfaidata.foundation/projects/ml-security-committee/
One would hope to at least see some collaboration.
Thanks.
Arnaud

@SecurityCRob
Contributor

With our Foundation's focus on use cases and threat models associated with the consumption of open-source software, how do you feel this proposed group fits within that?

@lukehinds
Contributor Author

lukehinds commented Jun 14, 2023

> Hi, The proposal doesn't say anything about other initiatives in this space already underway outside of OpenSSF and how this differs. In particular, it would be good to position this with regard to LF AI & Data which has several projects this proposal seems to overlap with, starting with the ML Security Committee: https://lfaidata.foundation/projects/ml-security-committee/ One would hope to at least see some collaboration. Thanks. Arnaud

We will refer to any prior art / other efforts and collaborate if folks are willing from both sides.

@david-a-wheeler
Contributor

FYI: @brianbehlendorf is going to meet with Ibrahim Haddad, the General Manager of the LF AI & Data Foundation, to talk about coordination. Nobody wants duplicative efforts.

@lehors
Contributor

lehors commented Jun 14, 2023

Thanks. I think anyone who wants to propose new work needs to explain how it relates to existing efforts and why it is worth pursuing.

@SecurityCRob
Contributor

Citing the WG Lifecycle ( https://github.com/ossf/tac/blob/main/process/working-group-lifecycle.md ) we're currently considering making this an incubating working group as described below:

To become Incubating:

- Proposal of scope for review by TAC
    - This is to help ensure limited overlap with existing WG
- Have met at least 5 times
    - For these, meeting notes (or ideally recordings) are public
- Have at least 5 interested individuals from at least 3 different organizations attending regularly
- 1 TAC sponsor
    - TAC sponsor agrees to attend WG meetings regularly
    - TAC sponsor does not need to have a formal role in WG, e.g., chair
    - TAC sponsor requests TAC approval
- TAC will vote to approve or provide constructive guidance

We will need to have that TAC sponsor identified as we discussed on the 27June call.

@therealnb

There is a gap/overlap analysis here https://docs.google.com/document/d/11tXIecCx-PHaLGJwqT_o31WbUVXHz7mR2auxArYwnjQ/edit

The general thought is that we can contribute to and benefit from other groups, but the proposed AI/ML OpenSSF WG has enough mass to stand on its own.

@lehors
Contributor

lehors commented Jul 11, 2023

> There is a gap/overlap analysis here https://docs.google.com/document/d/11tXIecCx-PHaLGJwqT_o31WbUVXHz7mR2auxArYwnjQ/edit

Thanks, this helps. At a high level it seems that the proposed WG is oriented towards developers while other efforts like the LF AI Security Committee are more oriented towards users. I think that's a valid differentiator.

> The general thought is that we can contribute to and benefit from other groups, but the proposed AI/ML OpenSSF WG has enough mass to stand on its own.

This argument on the other hand is in my opinion a very poor rationale. This makes it sound like because it's winning the popularity contest it's worth launching. We need to refrain from duplicating efforts and forcing the industry to split its attention between competing efforts.

@steiza
Member

steiza commented Jul 20, 2023

I've had the opportunity to attend the last two AI / ML group meetings, on July 12th and 19th. There's a ton of positive energy from the group, and wide ranging discussions about how producers and consumers of AI/ML overlap with software supply chain security.

There's also a "chicken-and-egg" problem where this group would like to continue meeting to further clarify their mission, work on deliverables, and identify collaboration opportunities with other bodies, in tension with unclear definitions of maturity before labeling an effort an official OpenSSF Working Group.

I think we were able to unblock some of the needs of this group by creating a repository for collaboration at https://github.com/ossf/ai-ml-security/, and particularly at the July 12th meeting the consensus seemed to be to focus on deliverables like the AI/ML OSS Security Landscape, instead of continuing to get bogged down in discussions of process and governance.

With that in mind, my suggestion is that the AI/ML group continue to meet and work on those deliverables, but that it's premature to call for a vote on establishing it as a Working Group.

If there are additional needs this group is blocking on, please let us know so we can unblock to the best of our ability. We should revisit this question of being a Working Group in a few months when the group has had time to publish deliverables.

@therealnb

Thanks for coming to those meetings, Zach.
I agree entirely. A little more time will see which direction the group goes.

@SecurityCRob
Contributor

Perhaps the group comes back to the TAC in September as things firm up more and the direction is more set?

@therealnb

Yes, we should know more by then. That sounds fair enough to me. Thanks.

@SecurityCRob
Contributor

Have we been able to identify a TAC sponsor for this effort yet?

@therealnb

No. We agreed to let it ferment for a while and come back to the TAC then.

@therealnb

@SecurityCRob we have a TAC sponsor now, Dan Appelquist @torgo.

@SecurityCRob
Contributor

woot woot! thank you @torgo !

@therealnb

We were voted an incubating group. Do we close this now?

@SecurityCRob
Contributor

On 5Sept2023 the TAC unanimously voted to accept the AI/ML group as a working group within the OpenSSF. Dan A will work with the group to get charter, mvsr, etc. set up. Welcome aboard!

@SecurityCRob
Contributor

closing issue
