SBOM is included in the latest Omnibus bill
‘‘SEC. 524B. ENSURING CYBERSECURITY OF DEVICES.
‘‘(3) provide to the Secretary a software bill of materials, including commercial, open-source, and off-the-shelf software
By Dick Brooks · #1617

SBOM stripped from NDAA may reappear in the Omnibus bill
Hello Everyone,
I’ve heard the SBOM provision that was in the NDAA is under consideration for the Omnibus Bill.
I sent written testimony to the Senate Appropriations Committee deliberating the
By Dick Brooks · #1616

Re: Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
It’s all moot now. The bill passed the House and Senate today and is on its way to the President’s desk.
https://www.congress.gov/bill/117th-congress/house-bill/7776/text
All of the
By Dick Brooks · #1615

Re: Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
You shared this previously https://insidecybersecurity.com/share/14118
I think that's a significant reason. And even as a proponent / agitator of SBOMs myself, I find the arguments they lay out
By Brian Fox · #1614

Re: Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
Eliot,
I’m not familiar with the GSA work you mention. Can you provide a pointer to GSA documents indicating that SBOMs are required?
I’ve seen where SBOMs are required in the
By Dick Brooks · #1613

Re: Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
Why? GSA is already specifying SBOMs. And is the list to encourage congressional lobbying?
On 16.12.22 20:38, Dick Brooks wrote:
By Eliot Lear · #1612

Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
FYI:
Please get the word out to restore the SBOM provision in the NDAA.
“I don't see why any member of Congress would want to hamstring their own cybersecurity professionals from monitoring
By Dick Brooks · #1611

Possible Vendor Day
Sending this to the SPDX list per Gary’s suggestion at today’s SPDX tech team meeting.
Last week I attended a FERC-DOE supply chain technical conference and a suggestion was made to host a
By Dick Brooks · #1610

Your feedback as open source licenses expert/user about OSLiFe-DiSC tool
Dear all,
A step forward to automate license processing is to characterize legal terms dealt with by licenses and describe licenses accordingly in order to reach a standardized model.
To that end, we
By Sihem Ben Sassi · #1609

Re: Interpreting SPDX Validator Error: SpdxIdInUseException ... ExtractedLicensingInfo
Thank you, Gary! I wasn't sure where the right place was to ask this question. Issue submitted with example: https://github.com/spdx/spdx-online-tools/issues/414
By Keith Zantow · #1608

Re: Interpreting SPDX Validator Error: SpdxIdInUseException ... ExtractedLicensingInfo
Hi Keith,
The “Unexpected Error” usually indicates an issue with the validation tool itself. Can you post an issue at https://github.com/spdx/spdx-online-tools/issues and attach a file that
By Gary O'Neall · #1607

Interpreting SPDX Validator Error: SpdxIdInUseException ... ExtractedLicensingInfo
Hi,
I'm using the SPDX online validator and I'm trying to understand what this error means. Could someone shed some light on it?
Analysis exception processing SPDX file: Unexpected Error:
By Keith Zantow · #1606

Re: SPDX creation phase
Having also been in that call I would also like this clarification. The idea behind having this information available is for the recipient to make her or his own judgement on how accurate they expect
By Jimmy Ahlberg · #1605

FERC-DOE Supply Chain Technical Conference on December 7, 2022 at FERC HQ in Washington.
Hoping to meet some people at this supply chain technical conference in Washington on December 7.
Please come out and show your support for SBOM in software supply chains and meet many of the
By Dick Brooks · #1604

Re: SPDX creation phase
Hi Steve,
I’m going to include the SPDX tech group on the email thread – sorry to many of you for the duplication.
Steve – If you’re a member of that email we can continue the thread
By Gary O'Neall · #1603

Re: SPDX creation phase
Steve,
SBOMs are created to serve a purpose, for example some SBOMs are used for license management, some are used for dependency tracking and the one I’m most familiar with is an SBOM
By Dick Brooks · #1602

SPDX creation phase
Hi all,
One of the suggestions in today’s call for the OpenChain Telco SIG, where we’re discussing proposals for an SBOM standard for the Telecommunications industry, was:
> SBOMs
By Steve Kilbane · #1601

Re: Thurs SPDX General Meeting Reminder
Small correction: Thurs is Dec 1.
From: spdx@... <spdx@...> on behalf of Phil Odence via lists.spdx.org <phil.odence=synopsys.com@...>
Date: Wednesday, November 30, 2022 at 10:16 AM
To: SPDX-general
By Phil Odence · #1600

Thurs SPDX General Meeting Reminder
This month we’ll have a couple special presentations. Gary will give a debrief on Wednesday’s docfest. Alexios will walk us through the GitHub 3.0 directories so everyone knows how to
By Phil Odence · #1599

Re: SBOM Survey
This survey was a great start to gather feedback about SBOM, but it would be good to get some questions about AI SBOM, they need additional information collected
By karen.bennet · #1598