Date 1 - 1 of 1
SPDX Feb General Meeting MInutes
L. Philip Odence
General Manager, Black Duck Audit Business
Synopsys Software Integrity Group, Burlington, MA
M (781) 258-9502 | phil.odence@...
SPDX General Meeting Minutes - Feb 3, 2022
- Attendance: 33
- Lead by Phil Odence
- Minutes from last meeting approved
Steve Hendrick w/report on SBOM readiness
- Press release about the report
- Report itself
- Showing a selected set of slides from the report
- In all his years as an industry analyst, he never heard of SBOMs. Now though, it's about to become a massive market.
- Was careful to not be too LF biased by surveying a broad end user community.
- Anticipate a 60+ percent growth of orgs using SBOMs…if the tooling exists to support that growth. He hasn't yet looked at the tools that are out there.
- Not a lot of visibility for this from the vendors & tooling providers. Analysts also haven't yet done a market forecast for this, either.
- Discussion on formats that wasn't included in the report. Won't summarise here as it's not really public.
Tech Team Report - Gary/Kate/Thomas
- Thomas sent out Doodle poll to figure out date for next team call
- Multiple options on how to include vulnerabilities: include, separate, and link
- Working on one document
- Good progress on building concensus on when to use properties or relationships (packages containing files for example). Follow along in spdx-3.0-model repo.
- Follow up from Docfest on some clarifications that emerged from comparisons.
- Anything that we need to help people adopt SPDX for presidential order. Dick points out CMC issued an RFI that incorporates SBOM: https://sam.gov/opp/fe53a2be20094034b178e260f29cd0ad/view
- For licensing-related fields that are currently mandatory but can have noassertion, looking at permitting them to be made as optional for 2.3, presuming NOASSERTION if field is omitted.
- Held on 1/27, 24 attendee, identified - 6 topics - made it through all 6
- Thanks to analysis team for helping to understand the differences!
- GSOC Summer of Code - Alexios will be lead.
- Please feel free to contribute
- Rohit working on merge for Online tools.
- Working with CycloneDX team to have tools that interoperate.
- FOSDEM coming up this weekend - Software Composition and Dependency devroom, https://fosdem.org/2022/schedule/track/software_composition_and_dependency_management/
Legal Team Report - Jilayne/Paul/Steve
- Will release 3.16 this weekend.
- Good discussion on Fedora use of identifiers, and use between communities.
- Historically added about 80 licenses to license list in 2014, based on Fedora's own list of licenses
- Similar to discussion previously with Warner about use in FreeBSD
- Will provide updates to General team on Fedora and FreeBSD as it proceeds
Outreach Team Report - Sebastian
- (getting update from email)
- VM Brasseur
- Brad Goldring, GTC Law Group
- Christina Chen
- Thomas Steenbergen
- Steve Hendrick
- Jilayne Lovejoy
- Dick Brooks
- Kate Stewart
- Alex Rybak
- Alexios Zavras
- Gary O'Neall
- Christine Chen
- David Edelsohn
- Jacob Wilson
- Jesse Porter, Qualcomm
- Karan Marjara
- Lena Smart
- Marc Etienne Vargenau
- Matthew Neal Miller, Red Hat Product Security
- Michael Herzog
- Paul Madick
- Pete Allor, Red Hat Product Security
- Phil Odence
- Steve Winslow
- William Cox
- Andrew Jorgensen
- Alfredo Espinosa
- Rose Judge
- Ria Schalnat
- Joe Bussell
- Joshua Dubin
- Michael Herzog
|1 - 1 of 1|