Open Repository for the Open Security and Privacy Reference Architecture



Open Repository for the Open Security and Privacy Reference Architecture

Open publications for IT security and privacy are still rare. Despite the great work of the OWASP Foundation, many IT security organizations are not that open.

This reference architecture aims to enable you to create better and faster security and privacy solutions by reusing the content it provides. To encourage collaboration on this project, this reference architecture is of course free and open (CC BY-SA).

This project is supported by the BM-Support Foundation,

Current status: We are working on a complete revision for 2018 of this 'Open Reference Architecture for Security and Privacy'. So join the party and create the 2018 version together with us.


We encourage all security professionals to improve this reference architecture. Join the team to:

  • Add security or privacy principles.
  • Add security or privacy models.
  • Help us create the largest OSS reference framework on OSS security and privacy applications and tools.
  • Create better graphics and text.
  • Add threat models that can be easily reused.
  • Improve criteria on selecting OSS solutions for security and privacy applications.
  • Create tools to speed up the process of making use of this reference architecture. For example, we created a GPL WordPress tool to manage and create security specification documents fast. Help us to improve these tools or create your own.

Your contributions to this guide are greatly appreciated, as long as they fit within the scope and goal of this security and privacy reference architecture. As an open project, this Open Reference Architecture for Security and Privacy shall always remain vendor-neutral and freely available for all to use. If you contribute, you will of course get credit (a mention in upcoming publications). You can contribute using the following GitHub repository:

Please observe our contribution guidelines before creating a pull request:

With the exception of typos and spelling mistakes (feel free to fix these and they’ll be merged), please observe the following guidelines:

  • Always open an issue first. This will allow us to determine whether or not the change should take place.
  • Explain your issue, and we will discuss it with you. If we agree the change is necessary we will mark it as TODO and will fix it when we get a chance, or we will allow a member of the community to supply the change with a pull request.
  • This reference architecture is intended to be a helpful resource aimed at professional security/privacy architects and designers.
  • Contributions must fit within the scope and goal of this security and privacy reference architecture. Of course, we are happy to discuss your input on changing the scope or goals if needed!

For small corrections or input, just send me an email. For larger contributions, please create a pull request.


When you submit text to which you hold the copyright, you agree to license it under:

  • Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).