From 62995b8c1c245314eb37fca6ea091ef1daede857 Mon Sep 17 00:00:00 2001 From: Charles Wilson <87022759+Motional-Charles-Wilson@users.noreply.github.com> Date: Thu, 11 Jan 2024 12:30:00 -0500 Subject: [PATCH] Update Future.md add domain-specific subsetting --- Future.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Future.md b/Future.md index c6013d83..5cde422a 100644 --- a/Future.md +++ b/Future.md @@ -65,3 +65,11 @@ Software doesn't exist in a vacuum. Modern software often runs in a complex ecos One way to tackle this problem is to identify a way to link SARIF into a model of that ecosystem, such as what is generated by "observability" tools that leverage OpenTelemetry. Linking of this nature has benefits in both directions. People looking at the entire ecosystem can drill into SARIF details from the global picture. People more focused on individual software components can enrich SARIF results with an understanding of context. For example, imagine that SARIF identifies a "critical" SQL injection problem in an application. Adding global context would enable adding risk factors that temper that result. The application might only contain read-only, public data. Or it might only be accessible by administrators. Or it might be protected by a runtime protection module. The contextual risk calculation may be only "low". + +## Provide Domain-specific Schema Subsets + +In order to reduce the overhead of working with the complete SARIF schema and also accommodate the diverse needs of automated software pipelines, domain-specific schema subsets would be created. These would be strict subsets in that they would conform to the master SARIF schema. + +Schema subsetting would also allow for the adoption of SARIF in these new domains as the weight of the current schema acts as a barrier to entry. + +Additionally, these schema subsets should accelerate the creation of SARIF data manipulation within the build pipeline.
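Review bot: The sentence "These would be strict subsets in that they would conform to the master SARIF schema" in the new "Provide Domain-specific Schema Subsets" section leaves the direction of conformance ambiguous; state explicitly that every log valid against a subset schema must also validate against the full SARIF schema, i.e. a subset may only narrow the master schema (drop optional properties, tighten enumerations) and never relax required properties or additional-property rules, otherwise a pipeline emitting "subset" SARIF could produce files that full-schema consumers reject. The section also proposes these subsets for automated build pipelines without saying how a consumer identifies which subset (and which master schema version) a given file follows; a short note on naming and versioning subsets relative to the master schema would make the proposal actionable.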