Merge pull request #2 from Security-Knowledge-Framework/main

Init Repo for feedback and issue templates

Author: SecurityCRob

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,59 @@
+name: 🐞 Bug Report
+description: File a bug report to help us improve the Global Cybersecurity Skills Framework.
+title: "[Bug]: "
+labels: [bug]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for reporting a bug! Please fill out the form below to help us reproduce and fix the issue.
+
+  - type: input
+    id: page
+    attributes:
+      label: File or page where the bug occurs
+      description: Include the file name or path (e.g., `roles/developer.json`)
+      placeholder: e.g. `roles/developer.json`
+    validations:
+      required: true
+
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+      placeholder: e.g. Wrong skill level listed for 'Incident Response Analyst'
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect to happen?
+      description: Tell us what the correct behavior should be.
+      placeholder: I expected to see...
+
+  - type: dropdown
+    id: priority
+    attributes:
+      label: Priority
+      options:
+        - Low
+        - Medium
+        - High
+        - Critical
+      description: How urgent is this issue?
+    validations:
+      required: false
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      options:
+        - label: I agree to follow the Linux Foundation Code of Conduct.
+
+
+          required: true

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,60 @@
+name: ✨ Feature Request
+description: Suggest a new feature or improvement to the Global Cybersecurity Skills Framework.
+title: "[Feature Request]: "
+labels: [enhancement, feature-request]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to suggest a new feature!  
+        Please complete the form below so we can understand and evaluate your proposal.
+
+  - type: input
+    id: feature-title
+    attributes:
+      label: Feature Title
+      description: Short title of the feature or enhancement
+      placeholder: e.g., Add export-to-MarkDown functionality for filtered job roles
+    validations:
+      required: true
+
+  - type: textarea
+    id: feature-description
+    attributes:
+      label: Feature Description
+      description: A clear and concise description of the feature you’d like to see.
+      placeholder: Explain the feature idea, who it benefits, and what problem it solves.
+    validations:
+      required: true
+
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Why is this feature important?
+      description: Describe the use case or scenario where this feature would be valuable.
+      placeholder: e.g., Educators want to export specific job roles with associated skills to create learning pathways.
+
+  - type: textarea
+    id: proposed-solution
+    attributes:
+      label: Proposed Solution (optional)
+      description: If you have an idea on how to implement it, describe it here.
+      placeholder: e.g., Add a download button in the web UI using existing filtered dataset
+
+  - type: checkboxes
+    id: alternatives
+    attributes:
+      label: Have you considered any alternatives?
+      options:
+        - label: I’ve considered other approaches and this seems like the best option.
+        - label: I’m open to other suggestions or implementations.
+
+  - type: checkboxes
+    id: consent
+    attributes:
+      label: Contributor Agreement
+      options:
+        - label: I agree to follow the Linux Foundation Code of Conduct.
+          required: true

.github/ISSUE_TEMPLATE/role_feedback.yaml

@@ -0,0 +1,58 @@
+name: 🧠 Role Feedback
+description: Suggest a change or improvement to a job role or its skill mapping in the framework.
+title: "[Role Feedback]: "
+labels: [role-feedback, enhancement]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for contributing to the Global Cybersecurity Skills Framework!  
+        Use this form to propose changes or enhancements to a role definition, skill mapping, or proficiency level.
+
+  - type: input
+    id: role-name
+    attributes:
+      label: Role Name
+      description: The job role this feedback applies to.
+      placeholder: e.g., Application Security Engineer
+    validations:
+      required: true
+
+  - type: dropdown
+    id: change-type
+    attributes:
+      label: What type of feedback is this?
+      options:
+        - Add a new role
+        - Change skill level
+        - Modify task or responsibility
+        - Correct mapping to external standard (e.g., NICE, DoD 8140, e-CF)
+        - Other
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the change
+      description: Clearly explain your suggested change and the reason behind it.
+      placeholder: Please describe what you would like to change and why.
+    validations:
+      required: true
+
+  - type: textarea
+    id: references
+    attributes:
+      label: References or Standards (if any)
+      description: Link to any relevant frameworks, standards, job descriptions, or authoritative sources.
+      placeholder: e.g., NICE Work Role ID SP-DEV-002, NIST SP 800-181r1, LinkedIn job post
+
+  - type: checkboxes
+    id: consent
+    attributes:
+      label: Contributor Agreement
+      options:
+        - label: I agree to follow the Linux Foundation Code of Conduct.
+          required: true

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing to the Cybersecurity Skills Framework
+
+Thank you for your interest in contributing to the Cybersecurity Skills Framework! This project is part of the Open Source Security Foundation (OpenSSF) and follows the Linux Foundation's community standards.
+
+## Ways to Contribute
+
+We welcome contributions of all kinds, including:
+
+- Proposing or refining job role definitions
+- Suggesting improvements to skill descriptions
+- Translating or localizing the framework
+- Contributing UI/UX enhancements or bug fixes
+- Creating educational resources or mappings to standards
+- Opening issues and participating in discussions
+
+## Getting Started
+
+1. **Fork the Repository**
+   - Navigate to the [GitHub repository](https://github.com/ossf/cybersecurity-skills-framework)
+   - Click on the "Fork" button
+
+2. **Clone Your Fork**
+```
+git clone https://github.com/your-username/cybersecurity-skills-framework.git
+cd cybersecurity-skills-framework
+```
+
+3. **Create a Branch**
+```
+git checkout -b my-feature-branch
+```
+
+Make Changes & Commit
+```
+git commit -am "Add my contribution"
+```
+
+Push & Open a Pull Request
+```
+git push origin my-feature-branch
+```
+
+Then go to GitHub and open a new pull request.
+
+4. **Filing Issues**
+
+If you find a bug or have an idea, please open an issue and provide as much detail as possible.
+   - Clearly describe the problem or enhancement
+   - Include screenshots, examples, or standards if relevant
+   - Propose a solution if you have one
+
+5. **Code of Conduct**
+
+All contributors are expected to follow the Linux Foundation Code of Conduct.
+
+6. **License**
+
+By contributing, you agree that your contributions will be licensed under:
+   - Apache License 2.0 for software
+   - CDLA for data
+   - Creative Commons Attribution 4.0 for documentation

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2025 Linux Foundation
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,101 +1,73 @@
-# **OSSF Project/WG Name**
-
-[Brief description of the initiative]
+# **Cybersecurity Skills Framework**
 
+A free, open, and customizable web-based tool developed by the Open Source Security Foundation (OpenSSF) and the Linux Foundation to help organizations assess and build cybersecurity skills across various IT roles. The framework provides skill mapping for 14 job families at different experience levels and aligns with industry standards like NIST NICE, DoD 8140, and ICT e-CF.
 
 ## 
 **Motivation**
 
-[Background / use cases of the problem to be solved]
-
-
-## 
-**Objective**
-
-[What is to be achieved with this initiative]
-
-[OKRs - OPTIONAL]
+Today’s organizations face an urgent need to build cybersecurity capacity across their software, DevOps, operations, and GRC teams. However, most frameworks are overly complex, vendor-driven, or narrowly scoped.
 
+This initiative addresses the need for a simplified, practical, and open cybersecurity skills framework that is:
 
-## 
-**Scope**
-
-[What is in and out of scope]
-
-
-## 
-**Prior Work**
-
+- Role-based and job family-oriented
+- Lightweight and customizable
+- Mapped to real-world proficiencies and responsibilities
+- Open source and vendor-neutral
 
+Use cases include:
 
-*   List of prior and/or related projects
+- Building internal security career paths
+- Mapping workforce training needs
+- Conducting cybersecurity skills assessments
+- Bridging the gap between HR, team leads, and technical staff
 
 ## 
-**Active Projects**
+**Objective**
 
-[Optional]
+To provide an open-source, extensible cybersecurity skills framework that:
 
-## 
-**Inactive Projects**
+- Defines clear roles and responsibilities across 14 job families
+- Maps each role to foundational, intermediate, and advanced skill levels
+- Aligns with common cybersecurity standards and frameworks
+- Encourages adoption across enterprises, education, and governments
 
-[Optional]
 
 # 
-**Get Involved**
-
-*   Official communications occur on the [ADD LINK TO YOUR WG MAILING LIST] (ex: https://lists.openssf.org/g/openssf-tac/topics).  \
-[Manage your subscriptions to Open SSF mailing lists](https://lists.openssf.org/g/main/subgroups).
-*   [Add Slack information if availabable]
-
-## 
-
-
+**Get Involved / Quick Start**
 ### 
-**Quick Start**
 
-*   Areas that need contributions
-*   Build information if applicable
-*   Where to file issues
-*   Etc.
-
-## 
-**Meeting times**
-
-[TODO: Update with your WG meeting details]
-*   Every other Tuesday @ 10:00am PST (Link to calendar invite)
-*   [Meeting Minutes](https://docs.google.com/document/d/1uXQI1vI5_HyOvxHMexrnTY_ruBrynbPl5yOd1UM4g3A/edit#heading=h.yworp6sxzb6g)
+*   Areas that need contributions:
+    - New job role definitions
+    - Skill description refinements
+    - Translations and localization
+    - UI/UX suggestions
+*   Contributing instructions: See [`CONTRIBUTING.md`](./CONTRIBUTING.md)
+*   File issues or suggestions on [GitHub Issues](https://github.com/ossf/cybersecurity-skills-framework/issues)
 
 # 
 **Governance**
 
-[TODO: Update this link to your specific CHARTER.md file]
-The [CHARTER.md](https://github.com/ossf/project-template/blob/main/CHARTER.md) outlines the scope and governance of our group activities.
+The [CHARTER.md](./CHARTER.md) outlines the scope and governance of our group activities.
 
-
-[OPTIONAL]
-*   Lead name 
-*   Co-Lead name
+*   Lead: Glenn ten Cate ([email protected])
+*   Co-Lead: Christopher Robinson ([email protected])
 
 #
 **Intellectual Property**
 
 In accordance with the [OpenSSF Charter (PDF)](https://charter.openssf.org/), work produced by this group is licensed as follows:
 
-[TODO: Select below the applicable license(s), delete those that don't apply, and update the LICENSE file accordingly. For specification development refer to the specific instructions on the [Community Specification Getting Started page](https://github.com/CommunitySpecification/1.0/blob/main/..Getting%20Started.md).
-
-Note that for source code, instead of Apache, you may choose to use the MIT License available at https://opensource.org/licenses/MIT. Otherwise, no other license than those listed here may be used without approval from the Governing Board.]
-
-1. Software source code
-* Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0;
-2. Data
-* Any of the Community Data License Agreements, available at https://www.cdla.io;
-3. Specifications
-* Community Specification License, Version 1.0, available at https://github.com/CommunitySpecification/1.0
-4. All other Documentation
-* Creative Commons Attribution 4.0 International License, available at https://creativecommons.org/licenses/by/4.0/
+1. Software source code  
+   * Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0
+2. Data  
+   * Any of the Community Data License Agreements, available at https://www.cdla.io
+3. Specifications  
+   * Community Specification License, Version 1.0, available at https://github.com/CommunitySpecification/1.0
+4. All other Documentation  
+   * Creative Commons Attribution 4.0 International License, available at https://creativecommons.org/licenses/by/4.0/
 
 **Antitrust Policy Notice**
 
 Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.
 
-Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
+Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.