by Helen Woeste, Communications and Community Manager
Amir and I were in London for State of Open Con earlier this year, where we attended a talk by Kat Cosgrove and Jeremy Rickard called “Are You Not Entertained? Open Source Isn’t a Coliseum.” The presentation was about conflict in community and how to use governance tools, such as Codes of Conduct, to define what professional behavior looks like in open source spaces. It was a wildly entertaining discussion, with real-life examples pulled from GitHub to illustrate how disputes arise, how they are resolved, and how to prevent them from happening again. Walking away from that talk, we at OSTIF had a lot to think about in terms of how to apply what we learned to our own work.
As we’ve taken on more opportunities with new communities and started to develop and engage with a security community of our own, it has been a joy to see our mission shared with supporters. With that increased public awareness, however, comes the potential for people to treat our third-party platform and audits as an opportunity to speak “out of pocket”: inappropriately or rudely towards others.
Let us state this unequivocally: OSTIF does not endorse or allow harassment, unprofessional conduct, or rude words in our spaces. This applies to ourselves, our audit teams, project collaborators, and community members.
We put together a Code of Conduct, which will live here on our website for reference. The expectation is that anyone we work with, in any capacity, will adhere to this Code. This Code is not meant to exclude anyone from working with us, but to include those who can hold themselves to a professional standard of behavior. Disagreements happen, especially in security, and we are not trying to dissuade or eliminate those kinds of conversations. We are requiring that they happen respectfully.
Any questions, comments, or concerns about this Code of Conduct should be directed to our email [email protected].
OSTIF Code of Conduct
Implementation Date: June 1, 2025
Implementation Period: Ongoing and in Perpetuity
Objective: OSTIF enacted a Code of Conduct (CoC) to provide guidance and expectations as to how the organization interacts with its community and how community members interact with each other.
In a sentence: Be kind, inclusive, and accepting of everyone in our community.
As a community and organization, we pledge to respect all people who contribute through partnerships, security audit collaborations, project-related interactions, and other relevant activities.
We are committed to making participation in our community and with our organization a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
OSTIF Staff have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported via the following: [email protected]
You can expect a response within three business days. When reporting a potential Code of Conduct violation, please include the following information in your report:
- Names of the people involved (or, if names are unknown, descriptions and any identifying information such as appearance, role, username, or handle), including the person whom you believe violated the Code of Conduct and any witnesses.
- Description of the incident, including the events that occurred, the date and time, and location or community space where the incident occurred.
- The portion(s) of the CoC you believe to be violated.
- If you have relevant documentary evidence, such as screenshots or photographs, please provide it with your report.