|
SPDX in GSoC 2023!
Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program
|
By
Alexios Zavras
· #1624
·
|
|
Seeking Opinions/Participants about AI SBOM Features
Researchers at Indiana University’s Luddy School of Informatics, Computing, and Engineering are looking for participants in the study of SBOM feature preferences. This is an online and asynchronous st
|
By
Caven, Peter
· #1623
·
|
|
Please participate: "State of Open Standards Survey"
The Linux Foundation (LF) has launched The State of Open Standards Survey to capture how different organizations are involved in open standards adoption and contribution, with the aim of measuring the
|
By
Kate Stewart
· #1622
·
|
|
SPDX Thursday General Meeting Reminder
Thanks, Max. I think that “bug” has been there for a while. I will endeavor to eliminate it going forward. Thanks for pointing it out. Phil From: spdx@... <spdx@...> on behalf of
|
By
Phil Odence
· #1621
·
|
|
SPDX Thursday General Meeting Reminder
Hey Phil, just checked the meeting time and there seems to be an inconsistency: 8am PT / 10 am CT / 11am ET maps to 16:00 UTC I assume that 16:00 UTC, as it is the usual time, is right? Best Max wrot
|
By
Maximilian Huber
· #1620
·
|
|
SPDX Thursday General Meeting Reminder
Happy New Year, all. I hope you have a meeting on your calendar for Thursday. In case there is an issue, the conference info is included below. No special presentation this month. Also please note tha
|
By
Phil Odence
· #1619
·
|
|
LF Research: Participate in the State of Open Standards Survey
Hello SPDX community! I am the ecosystem manager for Linux Foundation Research and we have recently launched The State of Open Standards Survey to capture how different organizations are involved in o
|
By
Anna Hermansen
· #1618
·
|
|
SBOM is included in the latest Omnibus bill
‘‘SEC. 524B. ENSURING CYBERSECURITY OF DEVICES. ‘‘(3) provide to the Secretary a software bill of materials, including commercial, open-source, and off-the-shelf software components; This text i
|
By
Dick Brooks
· #1617
·
|
|
SBOM stripped from NDAA may reappear in the Omnibus bill
Hello Everyone, I’ve heard the SBOM provision that was in the NDAA is under consideration for the Omnibus Bill. I sent written testimony to the Senate Appropriations Committee deliberating the Omnibus
|
By
Dick Brooks
· #1616
·
|
|
Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
It’s all moot now. The bill passed the House and Senate today and is on its way to the President’s desk. https://www.congress.gov/bill/117th-congress/house-bill/7776/text All of the software supply c
|
By
Dick Brooks
· #1615
·
|
|
Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
You shared this previously https://insidecybersecurity.com/share/14118 I think that's a significant reason. And even as a proponent / agitator of SBOMs myself, I find the arguments they lay out compel
|
By
Brian Fox
· #1614
·
|
|
Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
Eliot, I’m not familiar with the GSA work you mention. Can you provide a pointer to GSA documents indicating that SBOMs are required? I’ve seen where SBOMs are required in the Department of State Ev
|
By
Dick Brooks
· #1613
·
|
|
Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
Why? GSA is already specifying SBOMs. And is the list to encourage congressional lobbying? On 16.12.22 20:38, Dick Brooks wrote:
|
By
Eliot Lear
· #1612
·
|
|
Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
FYI: Please get the word out to restore the SBOM provision in the NDAA. “I don't see why any member of Congress would want to hamstring their own cybersecurity professionals from monitoring and mitiga
|
By
Dick Brooks
· #1611
·
|
|
Possible Vendor Day
Sending this to the SPDX list per Gary’s suggestion at today’s SPDX tech team meeting. Last week I attended a FERC-DOE supply chain technical conference and a suggestion was made to host a “SBOM Ven
|
By
Dick Brooks
· #1610
·
|
|
Your feedback as open source licenses expert/user about OSLiFe-DiSC tool
Dear all, A step forward to automate license processing is to characterize legal terms dealt with by licenses and describe licenses accordingly in order to reach a standardized model. To that end, we
|
By
Sihem Ben Sassi
· #1609
·
|
|
Interpreting SPDX Validator Error: SpdxIdInUseException ... ExtractedLicensingInfo
Thank you, Gary! I wasn't sure where the right place was to ask this question. Issue submitted with example: https://github.com/spdx/spdx-online-tools/issues/414
|
By
Keith Zantow
· #1608
·
|
|
Interpreting SPDX Validator Error: SpdxIdInUseException ... ExtractedLicensingInfo
Hi Keith, The “Unexpected Error” usually indicates an issue with the validation tool itself. Can you post an issue at https://github.com/spdx/spdx-online-tools/issues and attach a file that reproduces
|
By
Gary O'Neall
· #1607
·
|
|
Interpreting SPDX Validator Error: SpdxIdInUseException ... ExtractedLicensingInfo
Hi, I'm using the SPDX online validator and I'm trying to understand what this error means. Could someone shed some light on it? Analysis exception processing SPDX file: Unexpected Error: org.spdx.lib
|
By
Keith Zantow
· #1606
·
|
|
SPDX creation phase
Having also been in that call I would also like this clarification. The idea behind having this information available is for the recipient to make her or his own judgement on how accurate they expect
|
By
Jimmy Ahlberg
· #1605
·
|