Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations

Hello again,

Second try. Sorry for the noise. Please read inline...

On Thursday, 16 April 2026 21:02:29 WEST Agustin Benito Bethencourt wrote:
> Hello,
> 
> please read inline...
> 
> On Friday, 10 April 2026 14:49:31 WEST Shanda Giacomoni via open-regulatory-
> compliance wrote:
> > Hi all,
> > 
> > Following Juan’s note, we’re preparing the launch of the ORC joint
> > statement on voluntary security attestations, planned for *April 16*.
> > 
> > As part of the rollout, we’re inviting members who support the
> > statement to *contribute
> > a short quote* that we can feature across our social media and
> > communications. This is a great opportunity to highlight your
> > organisation’s perspective and reinforce the importance of attestations.
> > If
> > you would like to contribute a quote, please send it directly to me.
> > 
> > A few quick details:
> >    - *Deadline (preferred):* April 15. We understand internal approvals
> >    can
> >    take time, so quotes are still welcome after launch and will be used in
> >    ongoing promotion
> >    - *Length:* 1–3 sentences
> >    - *Focus:* Why voluntary security attestations matter to your
> >    organisation, open source sustainability, or the broader ecosystem
> 
> [...]
> 
> "At the Software Transparency Foundation, we see voluntary security
> attestations as a scalable bidirectional path connecting industry and open
> source communities of every size. We are convinced that such attestations
> can increase transparency, trust, traceability, and collaboration while
> remaining affordable and proportionate for all parties involved.
> 
> This approach recognizes community-led governance and market neutrality,
> while helping manufacturers responsibly consume open source software to the
> EU Cyber Resilience Act goals."
> 
> — Agustin Benito Bethencourt, Ecosystem Coordinator, Software Transparency
> Foundation
> 
> Please let me know if it requires editing.
> 
> Best Regards

"At the Software Transparency Foundation, we see voluntary security 
attestations as a scalable bidirectional path connecting industry and open 
source communities of every size. We are convinced that such attestations
can increase transparency, trust, traceability, and collaboration, while 
remaining affordable and proportionate for all parties involved.

This approach recognizes community-led governance and market neutrality, while 
helping manufacturers responsibly consume open source software to meet the EU 
Cyber Resilience Act goals."

— Agustin Benito Bethencourt, Ecosystem Coordinator at Software Transparency 
Foundation

Best Regards

-- 
Agustin Benito Bethencourt
Toscalix Consulting
http://www.toscalix.com/about



