Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations 
Hello,

please read inline...

On Friday, 10 April 2026 14:49:31 WEST Shanda Giacomoni via open-regulatory-
compliance wrote:
> Hi all,
> 
> Following Juan’s note, we’re preparing the launch of the ORC joint
> statement on voluntary security attestations, planned for *April 16*.
> 
> As part of the rollout, we’re inviting members who support the
> statement to *contribute
> a short quote* that we can feature across our social media and
> communications. This is a great opportunity to highlight your
> organisation’s perspective and reinforce the importance of attestations. If
> you would like to contribute a quote, please send it directly to me.
> 
> A few quick details:
> 
>    - *Deadline (preferred):* April 15. We understand internal approvals can
>    take time, so quotes are still welcome after launch and will be used in
>    ongoing promotion
>    - *Length:* 1–3 sentences
>    - *Focus:* Why voluntary security attestations matter to your
>    organisation, open source sustainability, or the broader ecosystem
> 
[...]

"At the Software Transparency Foundation, we see voluntary security 
attestations as a scalable bidirectional path connecting industry and open 
source communities of every size. We are convinced that such attestations can 
increase transparency, trust, traceability, and collaboration while remaining 
affordable and proportionate for all parties involved.

This approach recognises community-led governance and market neutrality, while 
helping manufacturers responsibly consume open source software to the EU Cyber 
Resilience Act goals."

— Agustin Benito Bethencourt, Ecosystem Coordinator, Software Transparency 
Foundation

Please let me know if it requires editing.

Best Regards

-- 
Agustin Benito Bethencourt
Toscalix Consulting
http://www.toscalix.com/about

Back to the top