#SPDX 3.0 now supports #SBOMs for #AI applications. Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation, shares all the details in this TFiR video. Watch it here: https://hubs.la/Q02wLrrv0 (SPDX SBOM, The Zephyr Project, ELISA Project) #opensource #SBOM
SPDX SBOM
Data Security Software Products
Open standard for communicating software bill of materials (SBOM) information
About us
The Software Package Data Exchange (SPDX) is an open standard for communicating software bill of materials information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format in which companies and communities can share this data, thereby streamlining and improving compliance. The SPDX specification is an international open standard (ISO/IEC 5962:2021).

The mission of SPDX is to develop and promote open standards for communicating software bill of materials information, including provenance, license, security, and other related information. SPDX is an open source project hosted by the Linux Foundation. The grass-roots effort includes representatives from a diverse set of organizations: software, systems and tool vendors, foundations, and systems integrators. Work is done by three sub-groups: the tech team, the legal team, and the outreach team. There is also a monthly general call that provides an overview of progress on the entire project.

The SPDX project is composed of:
- The SPDX Specification itself
- The SPDX License List (including exceptions, matching guidelines, license IDs, and license expression syntax)
- SPDX tools and libraries for working with SPDX documents and the SPDX License List
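To make the description above concrete, here is an added example (not code from the SPDX project) that consumes the four kinds of data listed: components, licenses, copyrights, and security references. It uses the SPDX 2.3 JSON serialization, which is the form covered by ISO/IEC 5962:2021; the embedded document is constructed for illustration, and every package name, version, PURL and CPE in it is made up. The `audit` function flags what a vulnerability-management pipeline cannot work without: packages whose license fields are `NOASSERTION`, packages with no purl or CPE security reference to match against advisories, and relationships that point at elements missing from the document.

```python
"""Read an SPDX 2.3 JSON document and extract / sanity-check the data an
SBOM consumer needs. Example code, not part of the SPDX project; the
sample document below is constructed and its identifiers are fictional."""
import json
import re

# Constructed sample SPDX 2.3 document (not a real product SBOM).
SAMPLE_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app-1.0.0",
    "documentNamespace": "https://example.invalid/spdxdocs/example-app-1.0.0",
    "creationInfo": {"created": "2024-06-01T00:00:00Z",
                     "creators": ["Tool: example-generator-0.1"]},
    "packages": [
        {"name": "example-app", "SPDXID": "SPDXRef-Package-app",
         "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION",
         "filesAnalyzed": False, "licenseConcluded": "Apache-2.0",
         "licenseDeclared": "Apache-2.0",
         "copyrightText": "Copyright 2024 Example Org",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:generic/example-app@1.0.0"}]},
        {"name": "libfoo", "SPDXID": "SPDXRef-Package-libfoo",
         "versionInfo": "2.3.1",
         "downloadLocation": "https://example.invalid/libfoo-2.3.1.tar.gz",
         "filesAnalyzed": False, "licenseConcluded": "MIT OR GPL-2.0-only",
         "licenseDeclared": "MIT OR GPL-2.0-only", "copyrightText": "NOASSERTION",
         "externalRefs": [{"referenceCategory": "SECURITY",
                           "referenceType": "cpe23Type",
                           "referenceLocator": "cpe:2.3:a:example:libfoo:2.3.1:*:*:*:*:*:*:*"},
                          {"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:generic/libfoo@2.3.1"}]},
        # A poorly described dependency: no license, no identifier to look up.
        {"name": "libbar", "SPDXID": "SPDXRef-Package-libbar", "versionInfo": "0.9",
         "downloadLocation": "NOASSERTION", "filesAnalyzed": False,
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION",
         "copyrightText": "NOASSERTION"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Package-app",
         "relationshipType": "DESCRIBES"},
        {"spdxElementId": "SPDXRef-Package-app", "relatedSpdxElement": "SPDXRef-Package-libfoo",
         "relationshipType": "DEPENDS_ON"},
        {"spdxElementId": "SPDXRef-Package-app", "relatedSpdxElement": "SPDXRef-Package-libbar",
         "relationshipType": "DEPENDS_ON"},
    ],
})

# External reference types whose locator a scanner can match against advisories.
MATCHABLE_REF_TYPES = ("purl", "cpe23Type")
LICENSE_OPERATORS = {"AND", "OR", "WITH"}


def load_spdx(text):
    """Parse an SPDX 2.x JSON document, rejecting other versions up front."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError("expected an SPDX 2.x JSON document")
    return doc


def license_ids(expression):
    """Return the license identifiers named in an SPDX license expression,
    ignoring operators, parentheses and the '+' (or-later) suffix."""
    tokens = re.split(r"[\s()]+", expression.strip())
    return {t.rstrip("+") for t in tokens if t and t not in LICENSE_OPERATORS}


def component_identifiers(doc):
    """Map each package SPDXID to its purl / CPE locators (may be empty)."""
    return {pkg["SPDXID"]: [r["referenceLocator"] for r in pkg.get("externalRefs", [])
                            if r.get("referenceType") in MATCHABLE_REF_TYPES]
            for pkg in doc.get("packages", [])}


def audit(doc):
    """Return (SPDXID, message) findings for data a consumer cannot act on."""
    findings = []
    known = {p["SPDXID"] for p in doc.get("packages", [])} | {doc["SPDXID"]}
    for pkg in doc.get("packages", []):
        sid = pkg["SPDXID"]
        for field in ("licenseConcluded", "licenseDeclared"):
            if pkg.get(field, "NOASSERTION") == "NOASSERTION":
                findings.append((sid, f"{field} is NOASSERTION"))
        if not component_identifiers(doc)[sid]:
            findings.append((sid, "no purl or CPE reference; cannot be matched to advisories"))
    for rel in doc.get("relationships", []):
        for key in ("spdxElementId", "relatedSpdxElement"):
            if rel[key] not in known and rel[key] not in ("NONE", "NOASSERTION"):
                findings.append((rel[key], "relationship references an unknown element"))
    return findings


if __name__ == "__main__":
    sbom = load_spdx(SAMPLE_SPDX_JSON)
    for sid, locators in component_identifiers(sbom).items():
        print(sid, locators)
    for sid, message in audit(sbom):
        print("FINDING", sid, message)
```

Run as a script it lists each package's lookup identifiers and then the findings; on the constructed document only `SPDXRef-Package-libbar` is reported, for both `NOASSERTION` license fields and for having nothing a scanner could match. The `license_ids` helper is what you would feed an allow/deny list, since `licenseConcluded` is an expression (`MIT OR GPL-2.0-only`), not a single identifier.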
- Website: https://spdx.dev/
- Industry: Data Security Software Products
- Company size: 51-200 employees
- Headquarters: San Francisco, California
- Founded: 2010
Updates
- The SPDX community, in collaboration with the Linux Foundation, is thrilled to announce the release of SPDX 3.0. This milestone marks a significant advancement in the world's most widely used Software Bill of Materials (SBOM) communication format. SPDX 3.0 introduces a comprehensive set of updates, encompassing the model, specification, and license list, with the new addition of SPDX profiles to handle modern system use cases. Read the announcement: https://hubs.la/Q02s_TH10 #spdx #opensource #sbom
- In the ever-evolving landscape of software development, SPDX 3.0 emerges as a transformative solution, ushering in a new era of enhanced security and streamlined vulnerability tracking. #SPDX3 #SoftwareSupplyChain #SBOM #SecurityUpdates #VulnerabilityData #CVSS #EPSS #KEV #SSVC #VEX #SecurityStandards #SPDXProfile #DynamicVulnerabilityData #MetadataGroupings #SoftwareSecurity #SBOMUtility #CVEtracking #OpenSourceSecurity
  Linked article: Capturing Software Vulnerability Data in SPDX 3.0 (https://spdx.dev)