Consider adding a generatedOrAugmentedByAI tag #625

Open
michaelcfanning opened this issue Feb 8, 2024 · 2 comments

@michaelcfanning
Contributor

Emerging compliance regulations around AI suggest it may be helpful to explicitly annotate any analysis findings that either originate entirely with AI or are augmented/influenced by LLMs, custom models, etc.

@Motional-Charles-Wilson
Contributor

Motional-Charles-Wilson commented Feb 8, 2024

For those of you interested in what's happening in the standards space, here are the current ISO/IEC joint standards:

https://www.iso.org/committee/6794475/x/catalogue/p/1/u/0/w/0/d/0

And those under development:

https://www.iso.org/committee/6794475/x/catalogue/p/0/u/1/w/0/d/0

You'll note that there are numerous ones released which speak to the area of risk management.

@sthagen
Contributor

sthagen commented Feb 8, 2024

Shouldn't the info on the source of any "rating" be sufficient (in the scope of the format)?

Given the "fashion trends" I expect most analyzers will use (or claim to use) models to extrapolate or interpolate findings from the system analyzed.

Stating the obvious would IMO not really accelerate the use case of tracking down false positives.

Until we plan to document the processing of credit or job applications (or anything else where the producer or consumer might face challenges of bias or similar) per SARIF, I have a hard time imagining how the documentation of analysis of any system might need more than the already existing ways of originator tagging.

So, I'd like to get to know one or more such specific use cases before I see myself able to discuss this suggested addition.
