There have been some interesting discussions that have come out of the NTIA's effort to identify what the key elements of a software bill of materials are and improve software transparency for identification and remediation of vulnerabilities.
As a framework for this discussion, William Bartholomew has given our existing 2.1 specification a fresh read and pulled together some discussion points for evolving SPDX (some in the 3.0 timeframe, some earlier) to be able to handle some newer use-cases, and address some of the concerns about adopting SPDX in some fields.

For those that want to read up before the meeting:
https://docs.google.com/document/d/1XfNrDmlVdnUzvtrPsylJZFfz1LLDoqnm_vi_PguSzy8

Information for joining tomorrow's meeting can be found at https://wiki.spdx.org/view/Technical_Team and has been copied below for your reference:

Tuesdays at 17:00 UTC (and best guess for local time - 10:00AM PDT, 11:00 MDT, 12:00PM CDT, 1:00PM EDT, 18:00 WAT, 19:00 CEST).

https://zoom.us/j/663426859

Australia +61 2 8015 2088
Canada +1 647 558 0588
Germany +49 30 3080 6188
Japan +81 3 4578 1488
US Toll-free 877 369 0926

Thanks,
Kate
