[open-regulatory-compliance] On the role of open collaboration in supply

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[open-regulatory-compliance] On the role of open collaboration in supply-chain security

From: Scott Lewis <slewis@xxxxxxxxxxxxx>
Date: Sat, 11 Apr 2026 15:41:55 -0700
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla Thunderbird

Some of you may have been following the recent (and ongoing)supply-chain attacks in the npm and pypi supply chains:


https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/

It was valuable and gratifying for me to read the details of whatactually happened, and how it was addressed:


https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack

Prev by Date: Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations
Next by Date: Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations
Previous by thread: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations
Next by thread: [open-regulatory-compliance] Last chance to join OC for Compliance at OCX 2026
Index(es):
- Date
- Thread

Back to the top