I have noticed some Chapters and Sub-chapters have missing or lacking Descriptions and more details about what that Chapter and Sub-chapter is about. I would like to suggest edits and additions for those to make it easier for those who will read AISVS every time they need guidance on a particular topic in the standard. Also, this helps people who are getting into AI to be able to easily understand what they are checking or verifying against in case the requirements are not that descriptive or require deeper AI/ML knowledge to digest said requirement.
It also helps with making the Chapters and Sub-chapters uniform in look and feel when you read the whole document.
A few examples I saw and have in mind are:
- C2.1 Prompt Injection Defense. Prompt Injection was not defined here in the sub-chapter, which I think will be useful for users.
- C5.1 Authentication. No description here.
- C5.2 AI Resource Authorization & Classification. No description here.
- C10.2 Authentication & Authorization. No description here.
- C13.1 Request & Response Logging. No description here.
- C4.3 Edge & Distributed AI Security. In one of the requirements here, a Byzantine fault-tolerant consensus mechanism was used. Maybe it is useful to cite this as an example in the Sub-chapter heading and a bit of description of what it has to do with this Sub-chapter.
I know some of the specific terms and their meaning were in the Glossary; however, based on my experience with people using ASVS, people don't read it much and it will be quite helpful to check out the Chapter headings.
I can help out on improving those, but want to hear the leaders' thoughts on whether this idea will add value to AISVS or not.