Becoming a Project Contributor
Thank you for your interest in becoming a contributor. Contributors are an essential part of our community. The OWASP GenAI Security Project is a community-led, expert backed community focused on helping organizations securely deploy AI systems and applications.
You are just a few steps away.
Getting Started
To help you get started we want to provide answers and guidance to the most common Questions for new contributors. These include what does it mean to contribute?, what are the requirements for contribution?, how are contributions licensed?, what are the areas of need for contribution, and most of all where do I go to contribute. Below we’ve outlined five areas to help you engage with the project.
After reviewing the sections below, if you have questions you can allways reach out to any of the initiative or core team leaders on slack or feel free to post your questions to the Contribute Q&A Google group; contribute.genai.owasp.org.
You do not need to be an OWASP Member to be a contributor but it is highly encouraged as it help support the overall work of the OWASP Foundation. Go here for OWASP membership details.
#1 Review Project Charter
The OWASP Gen AI Security Project is a global, open-source initiative dedicated to identifying, mitigating, and documenting security and safety risks associated with generative AI technologies, including large language models (LLMs), agentic AI systems, and AI-driven applications. Our mission is to empower organizations, security professionals, AI practitioners, and policymakers with comprehensive, actionable guidance and tools to ensure the secure development, deployment, and governance of generative AI systems.
Full Mission and Charter, Project goals
#2 Learn How the Project Works
As a contributor it’s helpful to understand how the project is structured so you can understand both who to reach out to for what and how you might present new ideas to the project for review and approval. With the speed of change in AI system and Agentic applications we are always looking for new areas that need to be addressed.
Reviewing the Governance will gain an understanding of
- General project governance
- How decisions are made
- Project structure, so you know who to go to for what
- How to propose new initiatives
#3 Review Contribution Licencing & Recognition Rules
The GenAI Security Project releases all guidance resources and code under one of the appropriate permissive OSI (Open Source Initiative) licenses including Creative Commons, Apache 2.0, or MIT style of licenses.
At this time the project does not require an individual or company to complete a contribution agreement. Instead the act of contribution to the appropriate project asset, automatically grants the OWASP GenAI Security Project the right to include and distribute the contribution under a project defined OSI licence in perpetuity.
It is understood that the contributor owns the rights to grant their contribution, as an individual.
All significant contributors to a project asset will be referenced and recognized as contributors as part of the distributed asset or resource. Or in the case of software tools or source code contributions the contributors will be listed in the contributors.md file associated with the specific asset.
Refer To The Project Governance for Further Licensing Details
#4 Find Your Workgroup Area of Interest
The Project maintains and updates the quarterly roadmap for all project initiatives. This is a great place to see what work is underway for each project initiative and what is planned for the roadmap.
Each initiative uses an agile Sprint model (typically 4 sprints) for the development, review and publishing of each asset. You can jump in at any stage. This is also where you will find the list of initiative leads and related slack channels.
#5 Connect to Contribute
Connect to the OWASP Slack
The project leverages Slack as the primary mechanism for working groups and ongoing communications within the project. You will need a Slack account of your own and you will need to request access to the OWAP Slack Workspace to be able to access the channels.
There are 2 ways to request Slack Workspace Access
- OWASP Foundation Slack Access Request Link
https://owasp.org/slack/invite - OWASP Jira Form Request (requires sign-up to access)
https://owasporg.atlassian.net/servicedesk/customer/user/login?destination=portals
If you are having trouble with these methods simply send a request to the Contribute Q&A Google group; contribute.genai.owasp.org.
Get started by joining the projects general slack channel.
#project-genai
All GenAI Project Slack Channels follow the format:
#team-genai-(workstream)
Set-up your Github Account
The project leverages a combination of Google docs and GitHub for contributions. The use of GitHub is depended upon each initiative workstream and set of deliverables. You will need your own GitHub account to be able to contribute to the workstreams.
Currently the project is in the process of consolidating our GitHubs for easier navigation by contributors.
Each initiative has its own specific github Today. Check with each Project Inititive page, from the “Projects” dropdown menu to identify the appropriate github.
#6 Raise Your Hand or Lurk For A While
Once you have decided where you want to help out , just raise you hand and volunteer to the initiative leads. they will help you get connect on what their needs are. No ceremony here. Or feel free to lurk and learn for a while. Nothing wrong with that. Its a great way to get a feel for where the gaps are in the roadmap and where you can contribute. Rest assured your contribution will be welcomed.
