The first version of this component is under active development.
We're building a secure and transparent system leveraging well-known infrastructure and methods. Our editorial process for reports, including contestation, will occur directly within GitHub so that every decision is made within public view. We're building our database as a serverless application using core AWS services to provide scale and security while trying to minimize our carbon footprint.
As seen from the system diagram, our backend code will be open-sourced through GitHub. The backend itself will be run through AWS with direct usage of GitHub authentication, auditing, and an API that will allow people to integrate the data into their systems.
We are building our backend to enable practitioners to adapt our data model to build their own database internal to their organization. By doing this, we encourage a network of federated vulnerability databases where AVID acts as the bridge both to the public and between private entities. Responsible public disclosure of vulnerabilities can be done by running submissions into the public (AVID) instance of this database through AVID's editorial process. Simultaneously, the technical tools and standards we're building will enable practitioners to improve their own internal AI development and risk management processes.