Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program

All, I feel like I'm missing something obvious here, but which SBOM generators actually generate SPDX SBOMs that (1) have refID's for the overall asset (documentDescribes), and (2) have package depend

https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf Note references to SBOM and NIST/CISA role in driving regulations. Thanks, Dick Brooks Active Member of t

Hello all, Max Huber of TNG Technology Consulting will be presenting on Thursday: In this presentation, Max will give a brief update of the recentdevelopment in the Python Tools. It went through a hug

Hi All, There has been a small discrepancy in the SPDX 2.2 JSON schema and the SPDX spec for a while: the 2.2 spec indicates External Reference Category should have a value of: SECURITY | PACKAGE-MANA

Dear SPDX community, We are approaching the end of the current term for several members of the SPDX Steering Committee. We are reaching out to let the community know about the upcoming nomination and

Pull request not yet approved in GH, so here are the minutes. Sorry they are ugly and indentation isn’t working right. All good in GH. #SPDX General Meeting Minutes - January 5, 2023 ## Administrative

Extending the meeting for 2023…and beyond! Please accept this recurring invitation. “Dial In” info: Join the meeting: https://meet.jit.si/SPDXGeneralMeeting To join by phone instead, tap this: +1.512.

Researchers at Indiana University’s Luddy School of Informatics, Computing, and Engineering are looking for participants in the study of SBOM feature preferences. This is an online and asynchronous st

The Linux Foundation (LF) has launched The State of Open Standards Survey to capture how different organizations are involved in open standards adoption and contribution, with the aim of measuring the

Happy New Year, all. I hope you have a meeting on your calendar for Thursday. In case there is an issue, the conference info is included below. No special presentation this month. Also please note tha

Hello SPDX community! I am the ecosystem manager for Linux Foundation Research and we have recently launched The State of Open Standards Survey to capture how different organizations are involved in o

‘‘SEC. 524B. ENSURING CYBERSECURITY OF DEVICES. ‘‘(3) provide to the Secretary a software bill of 20 materials, including commercial, open-source, and 21 off-the-shelf software components; This text i

Hello Everyone, I’ve heard the SBOM provision that was in the NDAA is under consideration for the Omnibus Bill. I sent written testimony to the Senate Appropriations Committee deliberating the Omnibus

FYI: Please get the word out to restore the SBOM provision in the NDAA. “I don't see why any member of Congress would want to hamstring their own cybersecurity professionals from monitoring and mitiga

Sending this to the SPDX list per Gary’s suggestion at today’s SPDX tech team meeting. . Last Week I attended a FERC-DOE supply chain technical conference and a suggestion was made to host a “SBOM Ven

Dear all, A step forward to automate license processing is to characterize legal terms dealt with by licenses and describe licenses accordingly in order to reach a standardized model. To that end, we

Hi, I'm using the SPDX online validator and I'm trying to understand what this error means. Could someone shed some light on it? Analysis exception processing SPDX file: Unexpected Error: org.spdx.lib

Hi all, One of the suggestions in today’s call for the OpenChain Telco SIG, where we’re discussing proposals for an SBOM standard for the Telecommunications industry, was: > SBOMs conforming to the Te

Hoping to meet some people at this supply chain technical conference in Washington on December 7. Please come out and show your support for SBOM in software supply chains and meet many of the people w