SPDX Software Supply Chain Spec Becomes an ISO Standard

Source: thenewstack.io

SPDX Software Supply Chain Spec Becomes an ISO Standard

Category: Software, Security, Data, Microsoft

Alas, many of you haven’t heard of Software Package Data Exchange (SPDX). Fortunately, while most of us haven’t been paying attention, the Linux Foundation and businesses such as Intel, Microsoft, and VMware, have been pushing it forward and now SPDX has become an International Standards Organization (ISO) standard: ISO/IEC 5962:2021. It all started back in 2010, when, as Jim Zemlin, then and now the Linux Foundation‘s executive director explained there was a need for a standard way for companies to standardize their license and component information (metadata) in bills of material to ease the discovery and labeling of open-source components in their products.

And, let’s face it, since 90% of modern applications are assembled from open source software components, this is essential. In addition, although SPDX’s SBOM was designed first for open source code and licenses, it lends itself equally well to proprietary or other third-party programs.
Read Full Article On thenewstack.io
Achieve superior email deliverability with ToastMail! Our AI-driven tool warms up inboxes, monitors reputation, and ensures emails reach their intended destination. Sign up today for a spam-free future.

Related Articles

Analytics will be available on TFS 2019 RC1 – Want to help us test it? – Microsoft DevOps Blog
Analytics will be available on TFS 2019 RC1 – Want to help us test it? – Microsoft DevOps Blog
Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Splunk Aims to Trigger DevOps Processes
Splunk Aims to Trigger DevOps Processes
Community Partners
CrowdSec
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

CloudWays

Scala Hosting

Become a Partner?
DevOps Careers
    • Add a Job?