[EXTERNAL] Re: [spdx] SBOM's going mainstream - Biden Cybersecurity EO

Gene Vallow

You’re very welcome.  Thanks for all you do!  :-)


We LOVE that place!  Can’t wait to start going again!  So yes, may see us there! 


From: <spdx@...> on behalf of Steve Winslow <swinslow@...>
Reply-To: "spdx@..." <spdx@...>
Date: Friday, May 14, 2021 at 2:16 PM
To: "spdx@..." <spdx@...>
Subject: [EXTERNAL] Re: [spdx] SBOM's going mainstream - Biden Cybersecurity EO


For those interested -- as a follow-up to Kate's message about the EO, here is an article in ZDNet that mentions several aspects of SPDX and how it addresses objectives of the EO:





On Thu, May 13, 2021 at 1:36 PM Kate Stewart <kstewart@...> wrote:

Last night Biden signed Executive Order (EO) on Improving the Nation’s Cybersecurity.

As part of this Executive order the concept of SBOM is getting widespread visibility.

If the question comes up please help reinforce that SPDX is a valid recognized SBOM format.

NTIA has recognized 3 SBOM formats able to satisfy the minimum viable requirement for an SBOM, and SPDX is one of them. Current details are available from the last NTIA formats and tooling quarterly checkpoint last month. Also, last month NTIA hosted a plugfest, and all but one, tool was able to create an SPDX SBOM.

The NTIA community has been key to getting SBOM in this EO.  Some of you will remember Allan Friedman from NTIA's presentation to our group last year, as well as Ed Heierman from the HealthCare PoC on what they found using SPDX, so it's very exciting to see this emerge.






Steve Winslow
VP, Compliance and Legal
The Linux Foundation