SPDX Goes ISO
I’m pleased to announce that SPDX is now ISO/IEC 5962:2021.
Many people have worked hard over the last decade to get us to this point. Big credit goes to my Steering Committee colleagues who have all been instrumental. And we should recognize that this was all Kate’s brainchild. I believe it was Fall of 2009 when she started informally socializing the idea of a standard SBOM format at Linux Foundation events. Not too long thereafter, in the then single weekly meeting, early participants began debating whether it should be SPDE, ultimately deciding “X” at the end would be catchier. And now it’s officially caught.
Here’s the LF press release: http://www.linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials
L. Philip Odence
General Manager, Black Duck Audit Business
Synopsys Software Integrity Group, Burlington, MA
M (781) 258-9502 | phil.odence@...