Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/AevaOnline/supply-chain-synthesis

Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
https://github.com/AevaOnline/supply-chain-synthesis

Last synced: 28 days ago
JSON representation

Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.

Host: GitHub
URL: https://github.com/AevaOnline/supply-chain-synthesis
Owner: AevaOnline
License: apache-2.0
Created: 2022-01-08T00:20:26.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2023-04-04T13:55:51.000Z (over 1 year ago)
Last Synced: 2024-04-13T18:26:28.241Z (8 months ago)
Size: 75.2 KB
Stars: 31
Watchers: 8
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-software-supply-chain-security - supply-chain-synthesis - form read on why that's the case, plus helpful pointers to understand and navigate it as it evolves. (About this list)

README

Background and Intent
===

Human languages are ever-evolving, and meaning is imputed by the
speaker, and this is doubly true within technical domains where domain-specific
language is crucial to efficient collaboration and communication.

2021 demonstrated that there are already wide-spread differences in imputed
meanings of identical technical terms within the overarching domain of 'supply
chain security', and these exist across many open source organizations and
commercial bodies. Furthermore, there has been a general lack of understanding
outside of domain-experts in what these terms mean, as no one other than
security wonks needed to understand this DSL. This has only led to further
confusion as new folks join existing communities and appropriate terms whose
legacy they may not fully see.

My hope in starting this work in the summer of 2021, and continuing now in
2022, is that by first gathering lexicons from disparate organizations, I may
help us all arrive at common understandings and overcome the trap of the tower
of babel, which, I am afraid we have all been falling into, no doubt moreso
because COVID has made in-person gatherings less common or comfortable.

I make no claim to be an authoritative voice on any one, let alone more than
one, of these domains, and invite correction wherever I have misrepresented, or
failed to account for, distinction.

In the end, I will consider this effort a wild success if it facilitates more
efficient communication of designs and expectations between domain expters,
and helps the community-at-large identify gaps in the supply chain which we
can collectively work to secure.

Status
----

**WORK IN PROGRESS**

I am moving my ["Analysis of the supply chain landscape" gDoc](https://docs.google.com/document/d/1KT5QPCgVx_8UFIKv8-0k9GYjfcL3uvHmK4COOEGq_UQ) from google to
github to make it easier to track changes and take contributions, and begin
working in earnest on the 'synthesis' portion of this effort.