Re: SPDX Goes ISO

Home Messages Hashtags Subgroups

#1453

Re: SPDX Goes ISO

Dick Brooks #1453 Phil, Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber risk, i.e. C-SCRM, whereas license management is a Legal/Financial risk. The use of SBOM for license legal risk management is indeed a good practice, but it is not required to satisfy NTIA minimal SBOM requirements for EO 14028. Thanks, Dick Brooks *Never trust software, always verify and report!* ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788 toggle quoted message Show quoted text From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org Sent: Tuesday, September 14, 2021 11:53 AM To: spdx@... Subject: Re: [spdx] SPDX Goes ISO Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX. From: spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...> Date: Tuesday, September 14, 2021 at 10:31 AM To: spdx@... <spdx@...> Subject: Re: [spdx] SPDX Goes ISO Congratulations! This is indeed a massive step for the software world, and hopefully not just in terms of license compliance! hip hip hurrah! Matija -- gsm: tel:+386.41.849.552 www: https://urldefense.com/v3/__https://matija.suklje.name__;!!A4F2R9G_pg!JDcVm_7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$ xmpp: matija.suklje@... sip: matija_suklje@...
More All Messages By This Member

View All 22 Messages In Topic

#1453

Join {spdx@lists.spdx.org to automatically receive all group messages.

Home Hashtags Subgroups Terms