Conversation

balteravishay (Contributor):

Add Citations and TL;DR sections to Security-Focused Guide for AI Code Assistant Instructions

@balteravishay balteravishay requested a review from Copilot July 30, 2025 11:27

@balteravishay balteravishay requested a review from Copilot July 30, 2025 13:46

balteravishay and others added 13 commits August 1, 2025 13:56
Commit trailers on these commits: Signed-off-by: balteravishay <[email protected]>; Signed-off-by: Avishay Balter <[email protected]>; Co-authored-by: Copilot <[email protected]>; Co-authored-by: David A. Wheeler <[email protected]>
@balteravishay balteravishay force-pushed the avbalter/add-sections branch from 60a5845 to d118e9b August 1, 2025 12:57
@david-a-wheeler (Contributor):

Catherine Tony et al's work is especially appropriate to this work: https://arxiv.org/abs/2407.07064v2

The work found that RCI was the most effective, and if you couldn't do that, detailed prompting (as described here) was next-best. From a scientific view I understand why they compared approaches in isolation to each other.

Yet from a practitioner's view, I don't want to know "what one technique should I use". Nothing prevents us from using multiple techniques. I want to know "what combination of techniques would produce the best answers within various resource constraints"? The top two techniques were RCI (asking it to review its answer and correct it), followed by specific guidance on the results. Once my proposed addition of RCI is added to this text, we're incorporating both of the top 2 techniques. I hope there will continue to be experimentation. However, given the evidence I can currently find, that seems most likely to produce the best results. If someone finds a better way, we can update to match.
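The combination discussed in the comment above (detailed security instructions in every prompt, plus an RCI pass that asks the model to review and correct its own answer) as an added, self-contained illustration. This is not code from the OpenSSF guide, from this PR, or from the cited paper; the instruction text, the task, the canned model responses and the `static_check` helper are all constructed for the example. It goes one step beyond the comment by also running an independent, deterministic check in each review round (a stand-in for a linter or SAST tool), so the loop does not stop just because the model declares its own output clean. The `model` argument is any `str -> str` callable; a scripted stand-in replays canned responses so the harness runs offline.

```python
"""RCI (review-and-correct) loop layered on a security-focused instruction prompt.

Added illustration for this thread; not code from the OpenSSF guide or this PR.
The model is any callable str -> str; a scripted stand-in replays canned
responses so the harness runs offline.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Assumed, constructed instruction text standing in for the guide's sample
# instructions (the guide's actual wording is not reproduced here).
SECURITY_INSTRUCTIONS = (
    "Follow these rules when writing code:\n"
    "- Build SQL only with parameterized queries; never by concatenation or f-strings.\n"
    "- Validate and bound every external input before use.\n"
    "- Never hard-code credentials or secrets.\n"
)
NO_ISSUES = "NO ISSUES FOUND"
Model = Callable[[str], str]

# Deterministic stand-in for a linter/SAST pass run alongside the model's own
# review; flags SQL assembled with '+' or an f-string inside execute(...).
SQL_CONCAT = re.compile(r'execute\(.*(\+|\bf["\'])')


def static_check(code: str) -> str:
    """Return a finding string, or '' when the check passes."""
    return "Static check: SQL assembled by concatenation/f-string" if SQL_CONCAT.search(code) else ""


def initial_prompt(task: str, instructions: str) -> str:
    return f"{instructions}\nTask: {task}\nReturn only the code."


def critique_prompt(task: str, answer: str, instructions: str) -> str:
    return (f"{instructions}\nTask: {task}\nCandidate answer:\n{answer}\n"
            f"Review the candidate strictly against the rules above. List every "
            f"violation, or reply exactly '{NO_ISSUES}' if there are none.")


def revise_prompt(task: str, answer: str, findings: str, instructions: str) -> str:
    return (f"{instructions}\nTask: {task}\nCandidate answer:\n{answer}\n"
            f"Findings:\n{findings}\nRewrite the answer so every finding is fixed. "
            f"Return only the code.")


@dataclass
class RCIResult:
    answer: str
    rounds: int                      # number of revise steps actually taken
    transcript: List[Tuple[str, str]] = field(default_factory=list)


def rci_refine(model: Model, task: str, max_rounds: int = 3,
               instructions: str = SECURITY_INSTRUCTIONS) -> RCIResult:
    """Detailed instructions in every prompt + model self-review + an independent check."""
    answer = model(initial_prompt(task, instructions))
    transcript = [("initial", answer)]
    rounds = 0
    while rounds < max_rounds:
        critique = model(critique_prompt(task, answer, instructions)).strip()
        tool = static_check(answer)
        transcript.append(("critique", critique))
        if critique == NO_ISSUES and not tool:
            break                    # stop only when the model AND the tool are clean
        findings = "\n".join(f for f in (critique if critique != NO_ISSUES else "", tool) if f)
        rounds += 1
        answer = model(revise_prompt(task, answer, findings, instructions))
        transcript.append(("revise", answer))
    return RCIResult(answer, rounds, transcript)


def scripted_model(responses: List[str]) -> Model:
    """Constructed offline stand-in for an LLM: replays canned responses in order."""
    queue = list(responses)

    def model(prompt: str) -> str:
        if not queue:
            raise RuntimeError("scripted model exhausted; raise max_rounds or add responses")
        return queue.pop(0)
    return model


# Constructed sample answers: the classic concatenated query and its parameterized fix.
VULNERABLE = 'cur.execute("SELECT * FROM users WHERE name = \'" + name + "\'")'
FIXED = 'cur.execute("SELECT * FROM users WHERE name = %s", (name,))'
TASK = "Look up a user row by name"


def demo_model_catches_it() -> RCIResult:
    """The model's own review finds the injection; one revise round fixes it."""
    return rci_refine(scripted_model([
        VULNERABLE,
        "Violation: SQL built from string concatenation (injection).",
        FIXED,
        NO_ISSUES,
    ]), TASK)


def demo_model_misses_it() -> RCIResult:
    """The model wrongly reports NO ISSUES; the independent static check forces the fix."""
    return rci_refine(scripted_model([VULNERABLE, NO_ISSUES, FIXED, NO_ISSUES]), TASK)


if __name__ == "__main__":
    for demo in (demo_model_catches_it, demo_model_misses_it):
        r = demo()
        print(f"{demo.__name__}: {r.rounds} revise round(s) -> {r.answer}")
```

The second demo is the case a practitioner should plan for: a model reviewing its own output shares its blind spots, so the loop's stop condition should depend on something the model does not control. `max_rounds` bounds the cost when a finding never clears; in that case the final answer is still returned with its transcript, which is the artifact to hand to a human reviewer rather than to merge.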


@balteravishay balteravishay requested a review from Copilot August 4, 2025 21:08

@david-a-wheeler (Contributor) left a comment:

Thanks so much! I contributed a lot of proposed tweaks which you've accepted. Copilot found a few formatting problems, which look legit. Could you please review them, and if they make sense, accept them?

Other than that, I think this new version is much better. Let's merge it & get WGs to review it. I think everyone will be delighted.

@balteravishay balteravishay requested a review from Copilot August 4, 2025 21:22

@david-a-wheeler (Contributor):

I'm sorry that you had to suffer through an endless number of suggestions :-). But I'd like to think that the result now is lots better, and I didn't want to create merge conflicts.

Please merge at your convenience. This is great stuff.

@balteravishay balteravishay requested a review from Copilot August 5, 2025 07:28

@balteravishay balteravishay requested a review from Copilot August 5, 2025 07:47
@Copilot (Copilot AI, Contributor) left a comment:

Pull Request Overview

This PR adds comprehensive citations and a TL;DR section to the Security-Focused Guide for AI Code Assistant Instructions. It transforms the guide from a basic instructional document into a well-researched, academically-backed resource with proper attribution and quick reference material.

Key Changes

  • Added a TL;DR section with essential security principles and sample instructions for immediate use
  • Incorporated extensive citations throughout the document to support recommendations with research evidence
  • Added a comprehensive appendix with detailed citations and references section
  • Updated navigation links across documentation to reference the new guide

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

Files reviewed (file: description):
  • docs/index.md: Added link to the Security-Focused Guide in the ongoing work examples
  • docs/developers.md: Added the guide as a resource for developers with descriptive text
  • docs/Security-Focused-Guide-for-AI-Code-Assistant-Instructions.md: Major expansion with TL;DR section, citations throughout, and references appendix

@balteravishay balteravishay merged commit 6d47603 into ossf:main Aug 5, 2025
2 checks passed