We encourage all security professionals to improve this reference architecture. Join the team to:

  • Add security or privacy principles.

  • Add security or privacy models.

  • Help us create the largest OSS reference framework on OSS security and privacy applications and tools.

  • Create better graphics and text.

  • Add threat models that can be easily reused.

  • Improve criteria on selecting OSS solutions for security and privacy applications.

Your contributions to this Guide are greatly appreciated as long as contributions fit within the scope and goal of this security and privacy reference architecture. As an open project, this Open Reference Architecture for Security and Privacy shall always remain vendor-neutral and freely available for all to use. If you contribute you will of course get credit (mentioned in upcoming publications).

You can contribute using the following Github repository:

Please observe our contribution guidelines before creating a pull request:

With the exception of typos and spelling mistakes (feel free to fix these and they’ll be merged), please take notice of the following guidelines:

  • Always open an issue first. This will allow us to determine whether or not the change should take place. Explain your issue, and we will discuss it with you. If we agree the change is necessary we will mark it as TODO and will fix it when we get a chance, or we will allow a member of the community to supply the change with a pull request.

  • Note that this reference architecture is intended to be a helpful resource aimed at professional security/privacy architects and designers.

  • Contributions must fit within the scope and goal of this security and privacy reference architecture. Of course we like to discuss your input for changing scope or goals if needed!

Please follow the following procedure when contributing to this document:

  • Fork the chapter you want to change or contribute on GitHub, with the Fork button

  • Clone the repository to your computer

  • Create a branch in which you make your patch git checkout -b <branchname>

  • Make your changes, commit and push the branch

    •         edit, edit, edit

    •         git add files, git commit

    •         git push origin <branchname>

  •     Create a pull request for the branch <branchname> you created (not ‘master’)

Since we know many security professionals are not familiar with GitHub, we are currently investigating other methods to lower barriers for contributing to this project.

The maintainers review your pull request and your patch is merged with the master branch ASAP.


When you submit text to which you hold the copyright, you agree to license it under:

  • Creative Commons Attribution-ShareAlike 4.0 International License (“CC BY-SA”)