Kate Stewart
Kate Stewart
This needs to be sorted for 3.0
@iamwillbar - does the flow as Max articulates, align with your understanding?
Work may need to happen in 3.1; depending on alignment of schedules, but we should agree on way this can be done in 3.0 in a way that will not...
@mlieberman85 - see attacks that that SBOMit project is trying to make visible https://github.com/SBOMit/specification/issues/20
@mlieberman85 - https://docs.google.com/document/d/1wGBiAMNkeE_R4NxzzWl1UBmTCfxDbpuzwz9qs2IJ63E/edit has been shared that I think gets into the some of what you were looking for. Working in airgapped environments is highlighted in the discussions.
@lumjjb, @puerco - Is a proposal likely? If not, we'll move this to 3.1 release.
@maxhbr - have the changes you were looking for been made?
We took our definitions of the Risk levels from: https://ec.europa.eu/docsroom/documents/17107/attachments/1/translations/en/renditions/pdf Where they are fairly precise about what they mean. The terminology section (2.1) introduces the risk level terms we've used....
Let's discuss this in the meeting. Possibly we should adjust 3.0's risk to be "General Risk", so we leave a spot for "AI Risk" to emerge in future, without being...
Discussed with Karen, this is moving to 3.1. Have added tags.