Hello Shanda,
Please find below:
„At SignPath, we see voluntary security attestations as a critical building block for trustworthy software supply chains. Standardised, verifiable security information helps manufacturers make informed decisions while enabling open source projects to demonstrate their integrity without adding unnecessary friction.”
-- Florian Lukavsky, SignPath
Kind regards,
Florian
Florian Lukavsky
Chief Innovation Officer
SignPath GmbH
Gonzagagasse 11/23, 1010 Vienna, Austria
VAT ID: ATU72648227
Commercial register no.: 475506z; jurisdiction: Handelsgericht Wien
Mobile: +43 660 836 26 72
Phone: +43 1 3530330
https://www.signpath.io
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx>
On Behalf Of Daniel Thompson-Yvetot via open-regulatory-compliance
Sent: Friday, 10 April 2026 16:38
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Daniel Thompson-Yvetot <denjell@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations
"As a Harmonised Standards Rapporteur, I know that industry can greatly benefit from Voluntary Attestations. As a contributor to the work on attestations I know that its usage will be proportional to its utility. As an open-source maintainer, I plan to make various kinds of attestations available."
Daniel Thompson (CrabNebula, Tauri)
Hi all,
Following Juan’s note, we’re preparing the launch of the ORC joint statement on voluntary security attestations, planned for April 16.
As part of the rollout, we’re inviting members who support the statement to contribute a short quote that we can feature across our social media and communications. This is a great opportunity to highlight your organisation’s perspective and reinforce the importance of attestations. If you would like to contribute a quote, please send it directly to me.
A few quick details:
- Deadline (preferred): April 15. We understand internal approvals can take time, so quotes are still welcome after launch and will be used in ongoing promotion
- Length: 1–3 sentences
- Focus: Why voluntary security attestations matter to your organisation, open source sustainability, or the broader ecosystem
We have also drafted a social media kit to make it easy for you to amplify the statement across your own channels once it goes live. There is currently no link in the document, but it will be added on April 16.
If you’d like to contribute a quote or have any questions, please feel free to reach out.
Shanda
After a few weeks of work and several rounds of feedback we finalised the joint statement on the role of Voluntary security attestations. Please take a look at it and if you have any strong concern with it, please let me know.
In the coming days, Shanda will be sharing a social kit and the launching plan for those of you who want to actively promote it.
Once again, thanks a lot for the engagement and contributions and best regards,
--
Eclipse Foundation:
The Community for Open Collaboration and Innovation
Berliner Allee 47, 64295 Darmstadt
Handelsregister: Darmstadt HRB 92821
Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit
https://accounts.eclipse.org