Re: SPDX Goes ISO


Richard Purdie
 

On Thu, 2021-09-09 at 15:02 +0000, Phil Odence via lists.spdx.org wrote:
> I’m pleased to announce that SPDX is now ISO/IEC 5962:2021.
>
> Many people have worked hard over the last decade to get us to this point. Big
> credit goes to my Steering Committee colleagues who have all been instrumental.
> And we should recognize that this was all Kate’s brainchild. I believe it was
> Fall of 2009 when she started informally socializing the idea of a standard SBOM
> format at Linux Foundation events. Not too long thereafter, in the then single
> weekly meeting, early participants began debating whether it should be SPDE,
> ultimately deciding “X” at the end would be catchier. And now it’s officially
> caught.
>
> Here’s the LF press release:
> http://www.linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials

This is great news, very happy to see it and kudos to everyone involved.

People may also be interested to know that we just merged SPDX SBOM generation
into OpenEmbedded-Core, just before our feature freeze for our October release
(3.4).

This means that Yocto Project will have SPDX and hence ISO-compliant SBOM
generation out of the box from then and hence on our next LTS planned for April.

http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=f1a34a63e44dc444ed213c48bfeab9da1196bfc8
(and following patches)

Cheers,

Richard
