Create Support Level to associate different types of support with an artifact. #628
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The support available for a software artifact is a factor increasingly being used in risk assessment. equirement of listing the support type available. This set of enumerations has been based on https://healthsectorcouncil.org/wp-content/uploads/2023/03/Health-Industry-Cybersecurity-Managing-Legacy-Technology-Security-HIC-MaLTS.pdf, with additional categories being added after discussion with the AI & Data profile working groups. It should be able to be applied to software components, AI/ML trained models and datasets.
Add information about the level of support that can be expected for a specific artifact.
Add the supportLevel property to the artifact
kestewart
changed the title
bennetkl
approved these changes
Feb 5, 2024
There was a problem hiding this comment.
The SPX-AI WG discussion talked about also adding No Assertion, which I see you have done, because currently at least with AI/Dataset, none of these artifacts have any kind of support. We probably should add an example of limited support ie. is that limited to specific times of day? type of issues? or something else.
Approved to merge into main
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The support available for a software artifact is a factor increasingly being used in risk assessment. equirement of listing the support type available. This set of enumerations has been based on the enumerations in "Managing Legacy Technology Security (HIC-MaLTS)" from the Healthcare & Public Health Sector Coordinating Councils, with additional categories being added after discussion with the AI & Data profile working groups. It can be applied to software components, AI/ML trained models and datasets; in the medical industry as well as other industries.
Signed-off-by: Kate Stewart kstewart@linuxfoundation.org