Please participate: "State of Open Standards Survey"
The Linux Foundation (LF) has launched The State of Open Standards Survey to capture how different organizations are involved in open standards adoption and contribution, with the aim of measuring the
By Kate Stewart · #1622

End Of Life Tag in spdx
#spdx
Sort of. Security information is even more likely to change after release, EOL for open source components supported by the community may, but much less frequently. Thinking so far, is that this would
By Kate Stewart · #1526

End Of Life Tag in spdx
#spdx
Hi Sandeep, There is a pull request expected shortly from the Usage profile team, to add this specific field to 2.3. When it comes in, please feel free to review and make sure it's going to suffice fo
By Kate Stewart · #1510

SPDX Thurs General Meeting Reminder
The video has been posted here: https://www.youtube.com/watch?v=8X5PWa7A6pY&list=PLciqFgcGu7TvR_f3aKZHkozX0WIs-N7vc&index=7 Thanks again to Joshua for sharing with us!
By Kate Stewart · #1508

Taxonomy of software supply chain ecosystem?
There's been some industry wide agreement on the taxonomy to use to classify tools here: https://www.ntia.gov/files/ntia/publications/ntia_sbom_tooling_taxonomy-2021mar30.pdf I think the path of least
By Kate Stewart · #1474

SPDX Goes ISO
The content that went into the standard is the same as what is in our github repo today, and a pretty version is at: https://spdx.github.io/spdx-spec/. The sources for the 2.2.1 are at: https://github
By Kate Stewart · #1450

[spdx-tech] Should SPDX endorse SCA tools?
We've got a lot of historical cruft in our SPDX repo as well. Coming up with some criteria for inclusion & removal is overdue. After we settle the 3.0 template issue, you up for dedicating part of a c
By Kate Stewart · #1415

SBOM's going mainstream - Biden Cybersecurity EO
Last night Biden signed Executive Order (EO) on Improving the Nation’s Cybersecurity. As part of this Executive order the concept of SBOM is getting widespread visibility. If the question comes up ple
By Kate Stewart · #1403

Usage profile for SPDX3.0 - proposal from OpenChain Japan WG -
Thanks for sending this Takahashi-san. I'm forwarding this email for discussion on the spdx-tech mailing list where the usage profile will be discussed. spdx-tech is where we are discussing the profil
By Kate Stewart · #1372

SPDX 2.2 Specification Review Window - ends May 1, 2020
Hi all, The SPDX 2.2 specification is now in the final 2 week public review window. The SPDX tech-list participants have been working on polishing it for the last couple of months and adding in the ou
By Kate Stewart · #1321

Chime instead of Zoom, a modest proposal
Hi Mark, Thanks for the generous offer. :-) We're not paying for zoom, however I'm definitely up for doing an experiment during our spdx-tech meeting tomorrow, and if it works for the regular attendee
By Kate Stewart · #1309

Thursday's SPDX General Meeting Reminder
Hi Phil, all Quick update, we will have a guest speaker this week. Matthew Crawford will be discussing "Arm’s SPDX compliance file" Thanks, Kate
By Kate Stewart · #1292

SPDX 2.1.1 specification - final review by 2019/5/21
In 2017 the project decided to move the specification from google documents to github and a repository was set up at: https://github.com/spdx/spdx-spec Before we could move forward though, we needed t
By Kate Stewart · #1240

SPDX Feb General Meeting Minutes
Hi Phil, I've gone in and updated the tech section to put links into some of the items we discussed and added details of Asia SPDX tech call. Please let me know if you want me to revert. Tech Team Rep
By Kate Stewart · #1218

Standalone license tools for scanning debian/ubuntu apps?
Hi Dan, Am not sure what you're using for a build infrastructure, but there are some solutions emerging in Yocto that may be relevant, as well as the other projects that Philippe outlines. I checked w
By Kate Stewart · #1215

Standalone license tools for scanning debian/ubuntu apps?
There's also BANG! (Binary Analysis Next Generation) that is in beta now. see: https://github.com/armijnhemel/binaryanalysis-ng Kate
By Kate Stewart · #1209

Need Help for contributing in GSOC 2019
#spdx
Hi Varshak, Welcome! Glad you're interested in participating in our community. I am copying the spdx-tech mail list where we discuss the GSoC efforts. Ideas we've come up with so far are listed on: ht
By Kate Stewart · #1201

Spdx Digest, Vol 93, Issue 2
Hi John, Thanks for reaching out! I think this discussion is best handled with the tech team so switching mailing lists, and moving general to bcc. :-) Some of the information you're proposing in SEvA
By Kate Stewart · #1170

SPDX servers rebooting over the weekend for Spectre/Meltdown remediation.
Hi, Just heard from LF IT that our SPDX site & wiki will be rebooting this weekend, as they apply the Meltdown/Spectre remediation. It should just be down for 5 minutes early this weekend, so this is m
By Kate Stewart · #1157

FreeBSD adding in SPDX license identifiers too...
And in addition to Linux getting serious in terms of adding SPDX identifiers, we also have FreeBSD applying them to their code base. Kate ---------- Forwarded message ---------- From: Pedro Giffuni <p
By Kate Stewart · #1148