Thanks you Dick, This is useful

NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf However the “EO 14028 NTIA min element list

Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data"

Hi , I have query regarding SPDXID , Can this be expressed along with CPE or pURL something like "SPDXRef-[cpe id]" or "SPDXRef-[pURL]" Any further guidance on this will help. Regards Sandeep

Kate and Sandeep, Our customers are also interested in this information. There are two concepts to consider: Commercial Status: <enumeration value="Available"></enumeration>

Hi Sandeep, There is a pull request expected shortly from the Usage profile team, to add this specific field to 2.3. When it comes in, please feel free to review and make sure it's going to

Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep

The video has been posted here: https://www.youtube.com/watch?v=8X5PWa7A6pY&list=PLciqFgcGu7TvR_f3aKZHkozX0WIs-N7vc&index=7 Thanks again to Joshua for sharing with us!

Hello, Is it possible to get the recording from the April SPDX meeting? Thanks. Christopher D. Lusk Product Security Analyst Product Security Office Lenovo clusk@...

No special presentation this month, but I will announce this year’s recently added Member Reps and provide a little review of this aspect of the governance process. GENERAL MEETING Meeting

All Things Open (ATO) is one of the largest open source conferences in the world now. In 2022 it’ll be in-person only, in its normal location of the Raleigh Convention Center in Raleigh, North

The OpenChain Industry Survey 2022 covers a big topic: the global status of corporate engagement and management of open source. Please help by completing the survey from your perspective before May

NOTE: I am a little behind and have not posted the minutes from the March meeting in GH. In advance of that, I have included that minutes in roughg form at the bottom of this email. PRESENTATION:

Brian, We will send an email to Primary Contacts from member companies who have signed up by tomorrow. There will be instructions, but essentially we’ll need to hear from the primary contact who

Hi Brian, Since the cutoff date is EOD day, sometime in the next few days / next week we'll send an email with nomination instructions to the primary contacts from each of the members who have signed

Once signing up, how are nominations made?

Hello SPDX community, Just wanted to send a reminder from Phil's original email announcing the SPDX project membership process -- see his email below. As mentioned previously, companies /

REMINDER: Encourage your LF member company to join SPDXhttps://enrollment.lfx.linuxfoundation.org/?project=spdx . Companies that join by April 1 may nominate a candidate for Steering Committee this

https://github.com/spdx/meetings/blob/master/general/2022-02-03.md L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781)

Please join us for a very interesting presentation to kick off the meeting: Preview of LF Study on SBOM Readiness by Steve Hendrick Abstract: The State of Software Bill of Materials (SBOM) and