ATR Governance
ATR is a public, community-driven detection standard. This page documents decision authority, the Technical Steering Committee structure, conflict-of-interest policy, and the Enterprise Member program.
Founding Three TSC (Target: Q3 2026)
Single-maintainer governance is the project’s primary structural risk. The Founding Three resolves bus-factor=1 and converts ATR from a project into a standards body.
BDFL transitional authority until the TSC is seated.
Confirmation pending. Justified by PR #79 + #99 merged in skill-scanner.
Confirmation pending. Justified by MISP taxonomies #323 + galaxy #1207 merged.
Seat-3 (community / threat-intel) succession requires TSC supermajority (3-of-3); no single seat may veto. Bi-weekly open meetings; minutes posted to the repo.
Decision Authority
Once the TSC is seated
| Decision | Vote Threshold |
|---|---|
| Rule ID assignment | 2 of 3 majority |
| Spec amendments | 2 of 3 + 14-day public comment |
| New category admission | 2 of 3 + Spec PR |
| Enterprise Member admission | 2 of 3 majority |
Conflict-of-Interest Policy
Applies to all TSC seats and PR reviewers
A seat MUST recuse from any PR authored by an organization in which they hold equity, by which they are employed, or with which they have a commercial contract exceeding $10,000 / year.
Recusal MUST be stated publicly in the PR thread.
A reviewer MUST recuse from a PR they authored or that targets their employer’s product.
ATR Certified Skill (Free)
Community-run, free. Skills with zero critical findings against the current ATR corpus receive the atr-certified label. Decisions are made by CI and community reviewers, not by any commercial entity.
Enterprise Member ($10,000 / year)
Modeled on the Apache Software Foundation Platinum Sponsor program. Grants governance voting rights, early RFC access, a priority PR review SLA, and logo placement. Enterprise Members cannot influence individual rule acceptance.