The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development
The software compliance ecosystem has long needed an initiative such as ACT, and projects such as SPDX-tools and Tern are key elements in the challenge of automating compliance” said Santiago Torres-Arias, lead of the in-toto project and member of the New York University’s Secure Systems Lab, “We are most excited about the integration of in-toto into SPDX, which will help in providing strong, cryptographically-enforced compliance checks. Security is not just a matter of protecting against outsiders, but also a matter of ensuring all actors within your supply chain are following the rules.”