Re: What we mean when we talk about "supply chains" [was Re: Three steps we could take to make supply chain attacks a bit harder]

Hello, I have been deleting most of these emails, but I feel like this is a bit myopic. On Tuesday, April 2, 2024 6:25:56 PM EDT Kevin Kofler via devel wrote: > Gary Buhrmaster wrote: > > > And, more importantly, the industry has agreed > > to use the term supply chain. Is the term > > perhaps

Re: What we mean when we talk about "supply chains" [was Re: Three steps we could take to make supply chain attacks a bit harder]

Gary Buhrmaster wrote: > And, more importantly, the industry has agreed > to use the term supply chain. Is the term > perhaps overloaded, or perhaps too > ill-defined/imprecise? Sure. But if one wants > to use a different term one would need to work > across the industry to change the term, and

Re: What we mean when we talk about "supply chains" [was Re: Three steps we could take to make supply chain attacks a bit harder]

On Mon, Apr 1, 2024 at 4:42 PM Adam Williamson wrote: > I think we *are* part of a supply chain, regardless of any handwaving > about The Open Source Model. And, more importantly, the industry has agreed to use the term supply chain. Is the term perhaps overloaded, or perhaps too ill-defined/im

What we mean when we talk about "supply chains" [was Re: Three steps we could take to make supply chain attacks a bit harder]

On Mon, 2024-04-01 at 12:27 -0400, Neal Gompa wrote: > > > > ii) the fact that this attack reinforces the painful truth that > > sophisticated attackers *are* extremely interested in attacking the > > supply chain of which we form a significant component > > Can we please reframe it for what it a