FYI: SPDX in the OpenSSF Mobilization Plan

VM (Vicky) Brasseur

Some of you probably know that OpenSSF met with a bunch of US Federal organizations in Washington DC last week to discuss cyber security wrt the open source software supply chain. (our own Kate and William were there!)


Prior to that meeting, the OpenSSF community prepared a “mobilization plan” to present to the Feds, detailing ten areas where they feel they can make improvements to the security of the overall ecosystem. The ninth area is “SBOMs Everywhere” and specifically calls for working with SPDX.


You can download the complete plan here:





VM (Vicky) Brasseur

Director, Senior Strategy Advisor

Open Source Program Office

Wipro Limited

Time Zone: Pacific/West Coast US


'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.'

Internal to Wipro