A Digital Commons for sovereign security operations.
What this is
SecOps-NG is a community-driven initiative — a Digital Commons — curating portable security content for European sovereign infrastructure. It is not a vendor and not a consultancy. The output is community infrastructure: shared playbooks (CACAO), detection references (Sigma), controls (OSCAL and D3FEND), an OCSF-shaped data spine, and an open metrics catalogue — all of which anyone in the commons can read, audit, fork, and improve.
What the commons believes
Digital sovereignty is a public good. A society that cannot defend its own networks, on infrastructure inside its own jurisdiction, with tools it can read and audit, has outsourced something essential. Restoring that capability is a shared, generational project, not a procurement task.
The European regulatory baseline — the body of directives and regulations that frame how essential and important entities must operate — is not the point of this work. It is a backdrop. The point is the operational readiness that lets communities defend themselves with clarity, without renting the capacity from outside the continent.
How the commons works
- Open by default. The content layer, the playbooks, and the reference compile targets are published under permissive licenses. If you can read text, you can read the defences the commons relies on.
- Sovereign by architecture. Reference deployments target European-resident, European-governed infrastructure. No choice of AI provider or runtime is hard-wired into the content.
- Portable by design. Content is authored against open standards — CACAO, Sigma, OSCAL, D3FEND, OCSF — and compiled into the orchestrator each operator already runs. The commons adds the curation, mappings, and metrics that the standards on their own do not supply.
- Community-first governance. Decisions happen in the open on GitHub — RFCs, governance flags, issue threads. Anyone affected by a change is welcome to weigh in on it.
How to take part
There is no membership form. Participation looks like this:
- github.com/secops-ng — read the framework, file issues, open pull requests, comment on RFCs and governance flags.
- Field notes — design dispatches, postmortems, and walkthroughs from the commons. The collection is small for now and growing.
- Community — code of conduct, governance, and contribution practices that keep the commons workable.
Federations beat monopolies. The doors are open.