[discussion] Consider renaming repository to better reflect Risk Map focus

[edonadei]

Summary

The current repository name secure-ai-tooling may not accurately represent the project's primary focus and deliverable: the CoSAI Risk Map (CoSAI-RM) framework. This could impact discoverability, clarity of purpose, and community engagement.

Current state

Repository Name: secure-ai-tooling
Actual Content Breakdown:

• ~90%: CoSAI Risk Map framework
• ~10%: Supporting development tooling

Problem Statement

The name "secure-ai-tooling" suggests:

• A collection of diverse security tools for AI development
• Equal emphasis on multiple utilities and frameworks
• A tooling-first rather than framework-first project

Reality: This is primarily a comprehensive AI security risk framework (the CoSAI Risk Map) with sophisticated supporting infrastructure to maintain, validate, and visualize that framework. Impact on visibility and clarity:

1. Discoverability: Organizations searching for AI risk frameworks might not find this repo
2. First impressions: New contributors/users might expect something different
3. Positioning: The name doesn't reflect the project's unique value proposition as a comprehensive, community-driven AI risk framework
4. Branding: "CoSAI Risk Map" is the recognized deliverable, but isn't in the repo name

Proposed Solutions

1. cosai-risk-map and making the main readme focused exclusively on it

• Directly reflects the primary deliverable
• Aligns with how the project is referenced in documentation
• Clear and unambiguous purpose
• Matches the actual content (Risk Map is the product)

2. cosai-framework-tooling

• Acknowledges both framework and supporting tools
• Less specific but more comprehensive

3. Something completely different? ai-security-encyclopedia, ai-threat-catalog, ai-security-blueprint, etc...

Questions for Discussion

1. Scope alignment: Is this repository intended to house additional security tools beyond the Risk Map in the future? If so, secure-ai-tooling might be future-proof.
2. Branding consistency: How is this project referenced in external communications, papers, and presentations? Does "CoSAI Risk Map" or "CoSAI Secure AI Tooling" appear more frequently?
3. Community feedback: What do current contributors and users call this project informally?
4. SEO and discoverability: What search terms do we want organizations to use when looking for this framework?
5. Breaking changes: What would be the impact of a rename on existing documentation, citations, external links and references

[davidlabianca]

Thanks @edonadei ... this is a good decision to re-open and review. The background is that we didn't know how prominent CoSAI-RM would be for CoSAI nor how many other tools might be started when the project was initiated.

I think there is a strong rationale to rename the repo, at this point, given the centrality of CoSAI-RM to our ongoing workstream efforts as we land our new focus of:

• publish guidance, white papers, etc
• materialize the identified controls and risks in CoSAI-RM
• identify a tool or other usable implementation of some element of the guidance

@edonadei wrote:
2. cosai-framework-tooling

• Acknowledges both framework and supporting tools
• Less specific but more comprehensive

cosai-framework-tooling would be my vote but I'd also be fine with the simple and straight forward Option 1 cosai-risk-map

Questions for Discussion

1. Scope alignment: Is this repository intended to house additional security tools beyond the Risk Map in the future? If so, secure-ai-tooling might be future-proof.

That was the initial thinking but I do wonder if remains valid, given the current investment, and whether separate repos per tool would be a better solution

3. Branding consistency: How is this project referenced in external communications, papers, and presentations? Does "CoSAI Risk Map" or "CoSAI Secure AI Tooling" appear more frequently?

We've been leaning into CoSAI-RM / CoSAI Risk Map

4. Community feedback: What do current contributors and users call this project informally?

Good question - I use CoSAI-RM

6. SEO and discoverability: What search terms do we want organizations to use when looking for this framework?

Good question for WS3, marketing committee and the PGB...

8. Breaking changes: What would be the impact of a rename on existing documentation, citations, external links and references

Probably nothing terrible at the moment... a few blog posts? we'd have to check...

Adding @santosomar @jrrao @Akilsrin for their thoughts