Some of you probably know that OpenSSF met with a bunch of US Federal organizations in Washington DC last week to discuss cyber security wrt the open source software supply chain. (our own Kate and Wi

Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in

All Things Open (ATO) is one of the largest open source conferences in the world now. In 2022 it’ll be in-person only, in its normal location of the Raleigh Convention Center in Raleigh, North Carolin

The OpenChain Industry Survey 2022 covers a big topic: the global status of corporate engagement and management of open source. Please help by completing the survey from your perspective before May 1s

Please join us for a very interesting presentation to kick off the meeting: Preview of LF Study on SBOM Readiness by Steve Hendrick Abstract: The State of Software Bill of Materials (SBOM) and Cyberse

Dear SPDX community, With the adoption of the new project governance model for SPDX in September, one new aspect of the updated structure is the introduction of the ability for companies and other org

https://github.com/spdx/meetings/blob/master/general/2022-02-03.md L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil

Rose, Where can I find the target set objects to create/submit an SPDX SBOM? Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@..

Hello SPDX community, SPDX is hosting another DocFest on January 27th from 7-11 AM PST. The purpose of this event is to bring together producers and consumers of SPDX documents and discuss differences

Hi all, while the README at [1] documents the https://github.com/spdx/license-list repo to be archived, it's not "archived" in the GitHub sense, as available in the settings at https://github.com/spdx

Hello, all, looking forward to seeing you Thursday. Note, we’ll have guest presentation from Microsoft on what they are doing with SPDX. Best, Phil GENERAL MEETING Meeting Time: Thurs, Dec 2, 8am PT /

Hi all, we recently published some insights on our license database. You can find details on https://github.com/org-metaeffekt/metaeffekt-universe and a visualization of the data on https://metaeffekt

Also attached are slides from Adrian and Steve’s very interesting presentations. https://wiki.spdx.org/view/General_Meeting/Minutes/2021-12-02 General Meeting/Minutes/2021-12-02 < General Meeting‎ | M

Dear all, Since we didn't have time at the SPDX General Meeting today for the usual team reports, I'm writing to send the Outreach Team's report in textual form! Feel free to reply if you have any que

Recording now available. Part #5 explores how SPDX ISO/IEC 5962 works as a Software Bill of Materials (SBOM) in the supply chain through existing open source tooling for open source compliance. https:

REMINDER: OpenChain Automation Case Study showing SPDX Software Bill of Materials being used in a “virtual supply chain” @ 09:00 UTC. Join without registration here: https://zoom.us/j/4377592799 Every

REMINDER: Today is the OpenChain Automation Case Study “virtual supply chain” showing code going through multiple scanners and maintaining SPDX integrity @ 09:00 UTC. We will hold it on Zoom: https://

A taxonomy of this SSC ecosystem. I would like to have one, plz&thx. For instance, looking at this (very much work in progress, just noodling about as I think about things) picture, those items in eac

Hi all, Great news: ISO SPDX standard is now publicly available at: https://standards.iso.org/ittf/PubliclyAvailableStandards/ Best regards, Marc-Etienne

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-11-04 General Meeting/Minutes/2021-11-04 < General Meeting‎ | Minutes · Attendance: 25 · Lead by Phil Odence · Minutes from last approved · Comp