fixed changelog date (#271)

* updated with 0.9 version changes

* updated to move the owasp resource images to the front of the owasp section

* updated with 1.0 release info

* 1.0 release

* fixed date typo on changelog

---------

Co-authored-by: Jason Ross <[email protected]>

llm-top-10-governance-doc/LLM_AI_Security_and_Governance_Checklist.tex

@@ -24,15 +24,16 @@
 %%% ================================================
 
 %%% Project Name
-\def\projectName{LLM AI Security \& Governance Checklist}
+\def\projectName{LLM AI Cybersecurity \& Governance Checklist}
 \def\projectSubName{From the OWASP Top 10 \\ for LLM Applications Team}
-\def\docVersion{0.5}
+\def\docVersion{1.0}
 
 %%% Project Type
 \def\projectType{OWASP Project Document}
 
 %%% Report Date (defaults to Today's date)
-\def\date{\today}
+% \def\date{\today}
+\def\date{February 19, 2024}
 
 
 %%% ================================================
@@ -59,15 +60,19 @@
 
 %%%	COVER PAGE
 \input{sections/coverpage}
+\clearpage
 
 %%%	CHANGELOG & DISCLAIMER
 \input{sections/changelog-disclaimer}
+\clearpage
 
 %%%	TABLE OF CONTENTS
 \input{sections/toc}
+\clearpage
 
 %%% ALL OTHER CONTENT
 \input{sections/main}
+\clearpage
 
 %%% APPENDICES
 \appendix

llm-top-10-governance-doc/apx/team.tex

@@ -31,15 +31,20 @@ \chapter{Team}
   \endfoot
   %%% TABLE DATA GOES HERE
 \hline
-  Sandy Dunn & Heather Linn & John Sotiropoulos   \\
+  Sandy Dunn & Heather Linn & \href{mailto:[email protected]}{John Sotiropoulos}   \\
   \hline
   Steve Wilson & Fabrizio Cilli & Aubrey King     \\
   \hline
-  Bob Simonoff & David Rowe & Rob Vanderveer      \\
+  Bob Simonoff & David Rowe & \href{mailto:[email protected]}{Rob Vanderveer}      \\
   \hline
   Emmanual Guilherme Junior & Andrea Succi & Jason Ross \\
   \hline
+  Talesh Seeparsan & Anthony Glynn & Julie Tao \\
+  \hline
   %%% TABLE DATA ENDS HERE
-  \caption{OWASP LLM AI Security \& Governance Checklist v.0.5 Team}
+  \caption{OWASP LLM AI Security \& Governance Checklist Team}
   \label{tab:team}
 \end{longtable}
+
+This project is licensed under the terms of the
+\href{https://creativecommons.org/licenses/by-sa/4.0/}{Creative Commons Attribution-ShareAlike 4.0 International License}

llm-top-10-governance-doc/fragments/changelog.tex

@@ -6,6 +6,8 @@
 \fontsize{11}{11}
   \begin{versionhistory}
   \vhEntry{0.1}{2023-11-01}{Sandy Dunn}{initial draft}
-  \vhEntry{0.5}{2023-12-06}{Sandy Dunn, OWASP LLM Apps Team}{public draft}
+  \vhEntry{0.5}{2023-12-06}{SD, Team}{public draft}
+  \vhEntry{0.9}{2023-02-15}{SD, Team}{pre-release draft}
+  \vhEntry{1.0}{2024-02-19}{SD, Team}{public release v 1.0}
 \end{versionhistory}
 \end{figure}

llm-top-10-governance-doc/fragments/resources/owasp.tex

@@ -1,5 +1,24 @@
 % !TEX root = owasp-doc.tex
 % \clearpage %%% Since this is the first section in the resources chapter, we don't clear the page
+
+\textbf{OWASP Top 10 for Large Language Model Applications}
+\begin{figure}[ht]
+  \centering
+  \includegraphics[width=0.8\textwidth]{owasp_top_10_llm_highlevel}
+  \caption{Image of OWASP Top 10 for Large Language Model Applications}
+  \label{fig:owasp-top-10-llm-highlevel}
+\end{figure}
+
+\clearpage
+\textbf{OWASP Top 10 for Large Language Model Applications Visualized}
+\begin{figure}[ht]
+  \centering
+  \includegraphics[width=0.8\textwidth]{owasp_top_10_llm_app_arch}
+  \caption{Image of OWASP Top 10 for Large Language Model Applications Visualized}
+  \label{fig:owasp-top-10-llm-visualized}
+\end{figure}
+
+\clearpage
 \textbf{OWASP Resources}
 Using LLM solutions expands an organization's attack surface and presents new
 challenges, requiring special tactics and defenses. It also poses problems that
@@ -128,20 +147,3 @@
   \caption{OWASP Resources}
   \label{tab:owasp-resources}
 \end{longtable}
-
-\textbf{OWASP Top 10 for Large Language Model Applications}
-\begin{figure}[ht]
-  \centering
-  \includegraphics[width=0.8\textwidth]{owasp_top_10_llm_highlevel}
-  \caption{Image of OWASP Top 10 for Large Language Model Applications}
-  \label{fig:owasp-top-10-llm-highlevel}
-\end{figure}
-
-\clearpage
-\textbf{OWASP Top 10 for Large Language Model Applications Visualized}
-\begin{figure}[ht]
-  \centering
-  \includegraphics[width=0.8\textwidth]{owasp_top_10_llm_app_arch}
-  \caption{Image of OWASP Top 10 for Large Language Model Applications Visualized}
-  \label{fig:owasp-top-10-llm-visualized}
-\end{figure}

llm-top-10-governance-doc/sections/coverpage.tex

@@ -24,7 +24,7 @@
     \projectSubName
 \end{center}
 %%% Version and Publication Date
-\vspace*{10cm}
+\vspace*{6cm}
     \par\normalfont\fontsize{22}{22}\sffamily\selectfont
     \textbf{\color{white}Version: \docVersion}\par
     \par\normalfont\fontsize{14}{14}\sffamily\selectfont

llm-top-10-governance-doc/sections/llm-strategy.tex

@@ -1,35 +1,54 @@
 % !TEX root = owasp-doc.tex
+
 % ================================================
 %	LLM Strategy
 % ================================================
+
 \headerimage
 \chapter{Determining LLM Strategy}
-The acceleration of LLM applications has raised the visibility of all
-artificial intelligence applications' organizational use. Recommendations for
-policy, governance, and accountability should be considered holistically.
+The rapid expansion of Large Language Model (LLM) applications has heightened
+the attention and examination of all AI/ML systems used in business operations,
+encompassing both Generative AI and long-established Predictive AI/ML systems.
+This increased focus exposes potential risks, such as attackers targeting
+systems that were previously overlooked and governance or legal challenges that
+may have been disregarded in terms of legal, privacy, liability, or warranty
+issues. For any organization leveraging AI/ML systems in its operations, it's
+critical to assess and establish comprehensive policies, governance, security
+protocols, privacy measures, and accountability standards to ensure these
+technologies align with business processes securely and ethically.
+
+Attackers, or adversaries, provide the most immediate and harmful threat to
+enterprises, people, and government agencies. Their goals, which range from
+financial gain to espionage, push them to steal critical information, disrupt
+operations, and damage confidence. Furthermore, their ability to harness new
+technologies such as AI and machine learning increases the speed and
+sophistication of attacks, making it difficult for defenses to stay ahead of
+attacks.
 
-The immediate LLM threats are the use of online tools, browser plugins,
-third-party applications, the extended attack surface, and ways attackers can
-leverage LLM tools to facilitate attacks.
+The most pressing non-adversary LLM threat for many organizations stem from
+"Shadow AI": employees using unapproved online AI tools, unsafe browser
+plugins, and third-party applications that introduce LLM features via updates
+or upgrades, circumventing standard software approval processes.
 
 \begin{figure}[h]
   \centering
-  \includegraphics[width=\textwidth]{ai_implementation_strategy}
-  \caption{Image of steps of LLM implementation}
-  \label{fig:llm-implementation-strategy}
+  \includegraphics[width=\textwidth]{ai_deployment_strategy}
+  \caption{Image of options for deployment strategy}
+  \label{fig:llm-deployment-strategy}
 \end{figure}
 
 \clearpage
+
 \section{Deployment Strategy}
 The scopes range from leveraging public consumer applications to training
 proprietary models on private data. Factors like use case sensitivity,
 capabilities needed, and resources available help determine the right balance
-of convenience vs. control. But understanding these five model types provides a
-framework for evaluating options.
+of convenience vs. control. However, understanding these five model types
+provides a framework for evaluating options.
 
 \begin{figure}[h]
   \centering
-  \includegraphics[width=\textwidth]{ai_deployment_strategy}
-  \caption{Image of options for deployment strategy}
-  \label{fig:llm-deployment-strategy}
-\end{figure}
+  \includegraphics[width=\textwidth]{ai_deployment_types}
+  \caption{Image of options for deployment types}
+  \label{fig:llm-deployment-types}
+\end{figure}

llm-top-10-governance-doc/sections/main.tex

@@ -3,7 +3,6 @@
 %%%	MAIN SECTIONS
 %%% ================================================
 \input{sections/overview}
-\input{sections/llm-challenges}
 \input{sections/llm-strategy}
 \input{sections/checklist}
 \input{sections/resources}