SLSA Spec team. I've been at this for years now, but I am adding this here again as an opportunity has come up given the recent publishing of the ISO 18974 Open Chain standard, which addresses open source security program assurance. This standard impacts both supplier and consumer of open source through providing a mechanism to audit when certain roles and processes are in place to effectively carry out the controls and requirements set forth by both S2C2F and SLSA. Shane Coughlan and I have already spoken and believe this is a great way for us to point to each other's specs and standards as THE standard for end-to-end supply chain security. Please see the link here for Open Chain ISO 18974.