DotDotSlashRepo commented Apr 18, 2026
- Formatting edits on introduction paragraph
- Merged 3.2.2 to 3.2.1 because of similarity
- Made edits to improve grammar of 3.2.6
- Added reference link to OWASP AITG
RicoKomenda left a comment
Thanks for the fixes. A few things to note before this can merge.
The merge of 3.2.1 and 3.2.2 should be reverted. PR #680 (already merged) deliberately split the old compound control into two separate L1 requirements because input validation testing and output sanitization testing are independently verifiable. A system could pass one and fail the other. Re-merging them undoes that intentional split and reintroduces a compound control. Please keep 3.2.1 and 3.2.2 as separate controls and restore the original numbering through 3.2.7.
Appendix D would also need to be updated if the renumbering stands, which is another reason to avoid it.
The other changes are all good and should be kept: the em-dash removal in the control objective, the grammar fix on 3.2.6 ("is provided" added), and the OWASP AI Testing Guide reference.
Hi @DotDotSlashRepo: Can you change the proposed fixes from earlier?
Revert merge of 3.2.1 and 3.2.2
Done changes as per comment