Cyber Resilience Attestations

The objective of this project is to propose a means to support the due diligence responsibilities of manufacturers who rely on F/OSS components in a way that, rather than burdening F/OSS maintainers or stewards, helps to sustain F/OSS projects and facilitates interaction with both market surveillance and vulnerability coordination functions at the national and ENISA levels.

Voluntary security attestations offer an opportunity to proactively strengthen the security posture of F/OSS by enabling a wide range of stakeholders, from developers and stewards to integrators and public authorities, to participate in a structured and trustworthy process of security validation.

State: Incubating

Licenses: The MIT License (MIT)

The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.

Active Member Companies

Member companies supporting this project over the last three months.
