SecOps-NG is a community-driven initiative for European organisations navigating the regulatory baseline. The commons curates portable security content — playbooks, detections, controls, data shapes, and metrics — that sits on top of the open standards the wider industry is already converging on, and compiles into the orchestrator each operator already runs.
Not a vendor. Not a consultancy. A commons.
We do not invent a new format. The commons curates content on top of standards that already exist: CACAO for response playbooks, Sigma for detection rules, OSCAL and D3FEND for controls, and OCSF for the shape of data on the wire. The missing layer — curation, cross-standard mapping, and an open metrics catalogue — is what the commons contributes back.
The canonical content compiles into the runtime each operator already has. Three launch compile targets: n8n, Temporal, and LangGraph. Community-contributed adapters are welcome for MindStudio, Make, Zapier, StackAI, CrewAI, and anything else operators bring to the commons. The commons does not ship a runtime of its own.
Reference deployments target European-resident, European-governed infrastructure. The content is written to be coherent with the European regulatory baseline — NIS2, DORA, CRA — without binding to any single vendor's interpretation. AI providers are pluggable and pinned by the operator; the commons takes no position on which model you choose, only that you can choose.
Security engineers, platform builders, policy practitioners, translators, designers — anyone willing to help maintain a shared scaffold for European operational readiness is welcome. There is no membership form and no gatekeeping. Repositories, issues, and design discussions all live on GitHub.