Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

why do you think if we can not understand the dependency chain, the regulators and the auditors can?



Because we don't have the time needed to do the audit nor necessarily the access, while auditors and regulators have both because of legal backing and the fact that it's their full time job


The entire point of an independent audit is to throw an expert at the technologies in question at the point of the supply chain they are tasked with auditing in order to better understand it than a layperson could and make an assessment that provides the public with the benefit of their expertise. Not everyone can be an expert on everything, but experts can check each other's work and report on it publicly.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: