Arthit Suriyawongkul
Arthit Suriyawongkul
Way forward to 3.1, we may like to consider that automation has degrees. See this table of varying degrees of automation from https://doi.org/10.3390/ijerph19063641 : 
As a note, I feel that the use of `PresenceType` here for "human presence" is a little bit of a mismatch. To my understanding, the type is more about presence...
This issue may resolved by #741
- Does https://github.com/spdx/spec-parser/pull/158 already solve this? @goneall
AIAAIC is now developing new version of harm taxonomy. The release timeline is in couple of months, will match with the 3.1 development timeline. This is their first version: https://www.aiaaic.org/aiaaic-repository/classifications-and-definitions
Latest version (v1.8) of AIAAIC harms taxonomy is here: https://www.aiaaic.org/projects/ai-algorithmic-risks-harms-taxonomy
In this [example SBOM](https://github.com/bact/sentimentdemo/blob/2dd889cac0f231fc19ce39542c7c4d16697f1560/bom.spdx3.json#L555-L565), I use it to documented that a classifier script has a classifier model (data file). `[ predict.py ]` `--hasDataFile-->` `[ model.bin ]` ```json { "type": "Relationship"...
Open PR #815 to get more suggestions
I agree with @rgopikrishnan91 that we should clarify how `hasDataFile` (or `hasAsset` / `hasArtifact`) is different from `dependsOn`. I can see that `hasDataFile` doesn't imply dependency, while `dependsOn` explicitly does....
Yesterday AI team meeting (2024-07-31), we settled with this: > - hasDataFile: The `from` Element treats each `to` Element as a data file. A data file is an artifact that...