Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations

“As one of the rapporteurs working on the CRA’s vertical standards, an attorney, and a supporter of FOSS I believe that security attestations form a strong basis for both better security and easier compliance processes, but also a way to better trace connections to FOSS infrastructure and developers deserving of support and acknowledgment.”

-August Bournique


On Fri, Apr 10, 2026 at 9:13 PM Florian Lukavsky via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Hello Shanda,

 

Please find below:

 

“At SignPath, we see voluntary security attestations as a critical building block for trustworthy software supply chains. Standardised, verifiable security information helps manufacturers make informed decisions while enabling open source projects to demonstrate their integrity without adding unnecessary friction.”

-- Florian Lukavsky, SignPath

 

Kind regards,

Florian

 

Florian Lukavsky
Chief Innovation Officer

SignPath GmbH
Gonzagagasse 11/23, 1010 Vienna, Austria
VAT ID: ATU72648227
Commercial register no.: 475506z; jurisdiction: Handelsgericht Wien

Mobile: +43 660 836 26 72
Phone: +43 1 3530330

https://www.signpath.io

 

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Daniel Thompson-Yvetot via open-regulatory-compliance
Sent: Friday, 10 April 2026 16:38
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Daniel Thompson-Yvetot <denjell@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations

 

"As a Harmonised Standards Rapporteur, I know that industry can greatly benefit from Voluntary Attestations. As a contributor to the work on attestations I know that its usage will be proportional to its utility. As an open-source maintainer, I plan to make various kinds of attestations available." 


Daniel Thompson (CrabNebula, Tauri)

 

On Fri, Apr 10, 2026 at 3:50PM Shanda Giacomoni via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Hi all,

Following Juan’s note, we’re preparing the launch of the ORC joint statement on voluntary security attestations, planned for April 16.

As part of the rollout, we’re inviting members who support the statement to contribute a short quote that we can feature across our social media and communications. This is a great opportunity to highlight your organisation’s perspective and reinforce the importance of attestations. If you would like to contribute a quote, please send it directly to me.  

A few quick details:

  • Deadline (preferred): April 15. We understand internal approvals can take time, so quotes are still welcome after launch and will be used in ongoing promotion
  • Length: 1–3 sentences
  • Focus: Why voluntary security attestations matter to your organisation, open source sustainability, or the broader ecosystem

We have also drafted a social media kit to make it easy for you to amplify the statement across your own channels once it goes live. There is currently no link in the document, but it will be added on April 16. 

If you’d like to contribute a quote or have any questions, please feel free to reach out.

Shanda

 

On Thu, Apr 9, 2026 at 4:16AM Juan Rico via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Dear ORC Community,

 

After a few weeks of work and several rounds of feedback we finalised the joint statement on the role of Voluntary security attestations. Please take a look at it and if you have any strong concern with it, please let me know.

 

In the coming days, Shanda will be sharing a social kit and the launching plan for those of you who want to actively promote it.

 

Once again, thanks a lot for the engagement and contributions and best regards,

Juan

--

Juan Rico

Senior Manager ORC, Oniro and Cloud Programs | Eclipse Foundation Europe GmbH

Eclipse Foundation: The Community for Open Collaboration and Innovation

 

 

Handelsregister: Darmstadt HRB 92821

Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org


 

--

Shanda Giacomoni

Senior Marketing Manager, Open Regulatory Compliance | Eclipse Foundation


Eclipse Foundation: The Community for Open Innovation and Collaboration
