GUIDELINES.md

Community Guidelines for the DHS SBOM Cohort Community

Inclusive and Respectful Environment: We are committed to creating an inclusive and respectful environment where all members can contribute and collaborate without discrimination based on race, gender, sexual orientation, religion, disability, or any other personal characteristics. Perhaps most importantly, treat others with kindness, empathy, and respect.

Open Communication: Maintain open and transparent communication within the community. Encourage constructive discussions and the exchange of ideas, and provide feedback in a respectful manner. Be open to different perspectives.

Collaborative Development: Embrace a culture of collaboration and teamwork. Encourage members to work together, share knowledge, and help each other.

Code of Conduct: Adopt a code of conduct that outlines acceptable behavior within the community. Ensure that all members are aware of and adhere to the code of conduct. Address any violations promptly and fairly.

Quality and Standards: Maintain a commitment to producing high-quality software. Encourage adherence to coding standards, documentation practices, and appropriate software engineering principles. Promote the use of testing, code reviews, and continuous integration to ensure reliable and efficient code.

Issue and Task Management: Use GitHub issues to manage tasks, bugs, and feature requests. Encourage members to participate in issue triaging, bug fixing, and providing assistance to others. Maintain clear and concise documentation for issue reporting and resolution.

Community Governance: Establish a transparent governance model that ensures decision-making processes are open and inclusive. Encourage community participation in decision-making, such as feature prioritization, release planning, and project direction.

Decision Making

  1. Goals

    1. Transparent, outcome-oriented, fast-paced decision-making.
    2. Enable the cohort vendors to comply with their contractual obligations.
    3. Enable both the cohort vendors and external collaborators to collaborate effectively.
  2. Principles (prioritized)

    1. The projects must meet the contractual obligations.
    2. Decisions will be made by the cohort vendors.
    3. The community is open to everyone.
    4. The cohort companies are committed to transparency, open-mindedness and, in general, being open to suggestions from everyone.
  3. Decision Making Process

    1. Significant decisions regarding the direction, scope, or strategy of the project will be made by the steering committee. Tactical design and implementation decisions will be made by individual engineers and teams involved in the project.
    2. Each project (sbom-translation and sw-identifiers) will have a steering committee.
    3. Each vendor can have one representative on the steering committee. The representative does not need to be the same one.
    4. Decisions will be made by a majority, with a minimum of two votes, in a time-limited vote (if you miss it, you have lost your chance). Time frame: a week, or more if so decided for a specific decision.
    5. Quorum for decision making requires at least fifty percent of all voting members.
    6. The steering committee will decide on its own communication methods (meetings, issue-chains, shared docs, etc.).
    7. Communication regarding decisions must adhere to the following principles:
      1. Topics for decisions must be documented with clear options, and preferably also considerations (pros and cons).
      2. A discussion must take place (no matter the medium).
      3. Whenever a majority of the committee requires a face-to-face meeting, such a meeting must take place.
    8. The decision agenda (what will be voted on) will be generated according to the following prioritized principles:
      1. Cohort-blocking decisions
      2. Community-blocking decisions
      3. Other decisions
    9. Topics out of discussion:
      1. Any topic that collides with the DHS SVIP contract.