Members may be interested in this LinkedIn post about AI SBOM use cases, some of which include some data provenance issues. Note that the work that created this is an industry team that CISA convenes, but is not a standard, is not CISA itself, and is public domain. So we could, if we wanted, extract any part of the document and 'make it our own' should we want to - and we could change it any way we wanted as well (e.g., using our spec as metadata about the SBOM as opposed to embedding provenance inside the SBOM).
I'm not advocating anything. Just pointing out the work and possibilities we may or may not want to pursue as part of our use case work.
------------------------------
Duncan Sparrell
Chief Cyber Curmudgeon
sFractal Consulting LLC
Oakton VA
703-828-8646
------------------------------