Hi , What is the license type that needs be used in spdx for 3rd parties with proprietary licenses (e.g., Microsoft)? Regards Sandeep

Howdy, team. In last week’s Outreach call we discussed the lack of “getting started with SPDX” documentation, info that could take someone from Zero to SPDX. Currently it’s really hard for new people

Hi Sandeep, The SPDX Defects working group announced security enhancements to the ExternalReference section of the spec as well as an explanatory Annex about how to include security information in an

No special presentation this month, but I will announce this year’s recently added Member Reps and provide a little review of this aspect of the governance process. GENERAL MEETING Meeting Time: Thurs

Hi , Is there any roadmap to integrate VEX to with SPDX ? Or is there already way in current SPDX specification to integrate vulnerability information ? Regards Sandeep

Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep

Hi , I have query regarding SPDXID , Can this be expressed along with CPE or pURL something like "SPDXRef-[cpe id]" or "SPDXRef-[pURL]" Any further guidance on this will help. Regards Sandeep

Some of you probably know that OpenSSF met with a bunch of US Federal organizations in Washington DC last week to discuss cyber security wrt the open source software supply chain. (our own Kate and Wi

Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in

All Things Open (ATO) is one of the largest open source conferences in the world now. In 2022 it’ll be in-person only, in its normal location of the Raleigh Convention Center in Raleigh, North Carolin

The OpenChain Industry Survey 2022 covers a big topic: the global status of corporate engagement and management of open source. Please help by completing the survey from your perspective before May 1s

Please join us for a very interesting presentation to kick off the meeting: Preview of LF Study on SBOM Readiness by Steve Hendrick Abstract: The State of Software Bill of Materials (SBOM) and Cyberse

Dear SPDX community, With the adoption of the new project governance model for SPDX in September, one new aspect of the updated structure is the introduction of the ability for companies and other org

https://github.com/spdx/meetings/blob/master/general/2022-02-03.md L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil

Rose, Where can I find the target set objects to create/submit an SPDX SBOM? Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@..

Hello SPDX community, SPDX is hosting another DocFest on January 27th from 7-11 AM PST. The purpose of this event is to bring together producers and consumers of SPDX documents and discuss differences

Hi all, while the README at [1] documents the https://github.com/spdx/license-list repo to be archived, it's not "archived" in the GitHub sense, as available in the settings at https://github.com/spdx

Hello, all, looking forward to seeing you Thursday. Note, we’ll have guest presentation from Microsoft on what they are doing with SPDX. Best, Phil GENERAL MEETING Meeting Time: Thurs, Dec 2, 8am PT /

Hi all, we recently published some insights on our license database. You can find details on https://github.com/org-metaeffekt/metaeffekt-universe and a visualization of the data on https://metaeffekt

Also attached are slides from Adrian and Steve’s very interesting presentations. https://wiki.spdx.org/view/General_Meeting/Minutes/2021-12-02 General Meeting/Minutes/2021-12-02 < General Meeting‎ | M