-
## Date
_Tuesday_ 18 June 2034 - _9am_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are respons…
-
Cross reference with https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163
Copying from @tupui's original post there, areas of focus could be:
* [OpenSSF 4](https://openssf.o…
-
We'd like to take on various projects to strengthen our security posture and make our (and our customer's) supply chain secure.
There are some related tasks in here that are not strictly about secu…
-
**Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it**
Having a supply chain analysis solution to identify potential …
-
SLSA offers:
- A common vocabulary to talk about software supply chain security
- A way to secure your incoming supply chain by evaluating the trustworthiness of the artifacts you consume
- An ac…
-
NatWest Group is running an **Open Source Supply Chain Security** “FINOS Members + Limited Guests, Chatham House Rule” roundtable, to celebrate OSFF London, on behalf of the FINOS DevOps Automation SI…
-
### What is the problem this feature would solve?
There is currently no proper way to automatically scan for vulnerabilities or license issues as part of a CI/CD pipeline.
### What is the feature yo…
-
Modern web development is most commonly done by composing an application from open-source dependencies.
I suppose most of the supply chain mitigations are not proactive and that's why they're not …
-
Reopening this since Polyfill is just closing issues in an attempt to cover this up.
https://www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites…
-
* **Title**: Mr
* **Speaker**: Jonathan Campbell
* **Type**: (Presentation 30-45 mins | Lightning Talk 5-10 mins) Presentation / Discussion
* **Level**: (basic | standard | advanced) TBC
* **Tags…