[Git][reproducible-builds/reproducible-presentations][nevermind-the-checkboxes] Misc changes.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Sat Aug 2 16:45:26 UTC 2025



Chris Lamb pushed to branch nevermind-the-checkboxes at Reproducible Builds / reproducible-presentations


Commits:
c0dd8c3a by Chris Lamb at 2025-08-02T09:45:19-07:00
Misc changes.

- - - - -


1 changed file:

- 2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org


Changes:

=====================================
2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org
=====================================
@@ -46,7 +46,7 @@ The goal of this talk is...
 
 To describe how elements of the punk movement (autonomy and
 independence, DIY ethic, mutual aid and community) can be applied to
-various compliance regimes (CRA, ISO9000, Whitehouse Executive order
+various compliance regimes (CRA, ISO9000, White House Executive Order
 ???) are in many ways thoroughly and practically addressed by the use
 Reproducible Builds and FOSS.
 #+END_comment
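Review bot: the `???` on the changed line is still a placeholder for which White House Executive Order is meant, so the rename only half-finishes the line; fill in the order before this comment block is used as speaker notes. The same block's last line, `Reproducible Builds and FOSS.`, is missing "of" after "the use", and the whole sentence ("can be applied to ... are in many ways thoroughly and practically addressed") does not parse as one clause; suggest "... are in many ways thoroughly and practically addressed by the use of Reproducible Builds and FOSS."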
@@ -140,9 +140,9 @@ A software supply chain differs from a physical supply chain in several key ways
 
 * Software relies on digital **infrastructure**, while physical goods require manufacturing and logistical facilities.
 
-These fundamental differences lead to distinct challenges and management
-strategies in each type of supply chain, limiting the ability to usefully
-compare one with the other.
+These fundamental differences lead to distinct challenges and strategies in
+each type of supply chain, limiting the ability to usefully compare one with
+the other.
 
 
 ** text
@@ -176,9 +176,9 @@ of supply chain management.
 
 https://en.wikipedia.org/wiki/ISO_9000_family
 
-goal of these standards is to help organizations ensure that they meet
-customer and other stakeholder needs within the statutory and
-regulatory requirements related to a product or service.
+The goal of these standards is to help organizations ensure that they meet
+customer and other stakeholder needs within the statutory and regulatory
+requirements related to a product or service.
 
 #+ATTR_BEAMER: :overlay <+->
 - 1987
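Review bot: the reworded sentence appears to be the definition from the Wikipedia page linked two lines above it (`https://en.wikipedia.org/wiki/ISO_9000_family`); if it is a verbatim lift, set it as a quotation in the deck's own style (a `#+BEGIN_quote` ... `#+END_quote` block, matching the lowercase `#+END_comment` used elsewhere) or attribute it, rather than presenting it as the speaker's wording.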
@@ -250,8 +250,29 @@ Security Stuff
 
 * Real problems
 
-do they solve actual problems?
+While SBOMs, ISO9660 and other regulatory processes provide a framework
+standards to enhance security, they fall short of solving real-world security
+problems.
 
+- They primarily focus on documentation and standardization rather than
+  addressing dynamic and evolving threats that require adaptive and proactive
+  solutions.
+
+- The static nature of standards like ISO9660 cannot keep pace with the rapid
+  development of new vulnerabilities.
+
+- Implementing regulatory processes can be resource-intensive, leading
+  some organizations, especially smaller ones (such as open source projects),
+  to overlook or abandon comprehensive security measures due to effort, cost or
+  complexity.
+
+- Compliance with standards doesn't guarantee overall security resilience, as
+  these frameworks often fail to account for human factors such as insider
+  threats, human error or inadequate security awareness.
+
+Thus, while regulatory processes lay the groundwork for security best
+practices, they are not comprehensive solutions for the complex, ever-changing
+landscape of cybersecurity threats.
 
 * Quality
 
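Review bot: `ISO9660` in the new opening paragraph and again in the second bullet is the CD-ROM filesystem standard; everything else in this deck refers to ISO 9000 (`ISO9000` in the first hunk, the `ISO_9000_family` link in the third), so both occurrences should read `ISO9000`. The opening sentence also has a grammar slip: "provide a framework standards to enhance security" should be "provide a framework of standards to enhance security" or "provide frameworks and standards". Minor: an SBOM is an artifact that regulations require rather than a "regulatory process" itself, so "SBOMs, ISO9000 and other compliance requirements" would be more accurate than "other regulatory processes".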



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/c0dd8c3a001dc223eee9ebd3815176a117684217




