-
-
Notifications
You must be signed in to change notification settings - Fork 119
Feedback
Sandy Dunn edited this page Dec 15, 2023
·
13 revisions
We welcome commentary and feedback from the public on our team's work. If you'd like to provide feedback and suggestions about the OWASP Top 10 for Large Language Model Applications there are several ways:
- Join the expert team's Slack Channel and engage in the discussion
- Join our main channel
#project-top10-for-llmfor general project discussions on the LLM Top 10 - Join our
#team-llm-discusschannel to sharing relevant links & posts about LLM security (not necessarily Top-10 related) - Join the
#team-llm-*channels for deeper discussions on individual Top-10 entries
- Join our main channel
- File an issue on the GitHub site. See the issue tracking section below for further details.
- If you're not comfortable with either option above, you can send an email
The LLM Top 10 project uses Github issues for formally tracking errata, updates and suggestions in a transparent way which encourages discussion by the community. Please ensure you tag your issue with one of the following labels when raising an item:
-
bug: For factual inaccuracies, broken links, typos, etc -
enhancement: For a change or addition to the Top-10, such as clarifications/re-wordings, additional examples, links to external resources, etc -
extension: For something that extends the Top-10 but is not part of the core project; for example cheat-sheets, guides, intentionally-vulnerable apps, etc.
You can optionally add additional labels if your issue relates to specific Top 10 entries or assets:
-
llm-01: Relates to LLM Top-10 entry #1 -
llm-02: Relates to LLM Top-10 entry #2 - ...etc...
-
llm-10: Relates to LLM Top-10 entry #10 -
llm-other: Relates to a topic that is not (yet) covered by the Top-10 -
pdf: Indicates an issue specific to the PDF document -
website: Indicates an issue specific to llmtop10.com
As issues are managed by the project team, additional labels may be applied:
-
duplicate: Indicates this is a duplicate of an existing issue -
discuss: Indicates that this issue requires a deeper discussion -
wontfix: Indicates a deliberate decision has been made not to fix the issue
Project contributors performing triage on newly-raised issues should:
- Add/adjust relevant tags/labels (see above).
- Perform a search to see if this is an obvious duplicate; if certain, label as
duplicate, link to the original issue, and close the new issue. - Otherwise, assign the issue to the appropriate lead based on the defined project
CODEOWNERSfile which is deemed the single source of truth for current vulnerability leads - The below is a different visual aid to represent this
| Topic | Lead | GitHub ID | Slack Channel |
|---|---|---|---|
| LLM-01 Prompt Injection | Leon | leondz | #team-llm-promptinjection |
| LLM-02 Insecure Output Handling | Ken H | kenguangus | #team-llm-insecureoutput |
| LLM-03 Training Data Poisoning | Ads | GangGreenTemperTatum | #team-llm-ads_data_poisoning |
| LLM-04 Model Denial of Service | Ken H | kenguangus | #team-llm-denial |
| LLM-05 Supply Chain Vulnerabilities | John S | jsotiro | #team-llm-suppy_chain |
| LLM-06 Sensitive Information Disclosure | Ads | GangGreenTemperTatum | #team-llm_sensitive_information_disclosure |
| LLM-07 Insecure Plugin Design | John S | jsotiro | #team-llm-insecure-plugins |
| LLM-08 Excessive Agency | Andy S | rot169 | #team-llm-excessiveagency |
| LLM-09 Overreliance | Steve W | virtualsteve-star | #team-llm-insecure-plugins |
| LLM-10 Model Theft | Ads | GangGreenTemperTatum | #team-llm-ads_model_theft |
| OWASP Top 10 for LLM Applications Cybersecurity and Governance Checklist | sdunn | subzer0girl2 | #team-llm_ai-secgov |
| Mike F | mkfnch | NA | |
| Website | Mike F | mkfnch | NA |