For those interested -- as a follow-up to Kate's message about the EO, here is an article in ZDNet that mentions several aspects of SPDX and how it addresses objectives of the EO:
https://www.zdnet.com/article/linux-and-open-source-communities-rise-to-bidens-cybersecurity-challenge/

Steve

On Thu, May 13, 2021 at 1:36 PM Kate Stewart <[email protected]> wrote:

> Last night Biden signed Executive Order (EO) on Improving the Nation’s
> Cybersecurity
> <https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/>.
> As part of this Executive order the concept of SBOM is getting widespread
> visibility.
>
> If the question comes up please help reinforce that *SPDX is a valid
> recognized SBOM format*.
> NTIA has recognized 3 SBOM formats able to satisfy the minimum viable
> requirement
> <https://www.ntia.gov/files/ntia/publications/sbom_options_and_decision_points_20210427-1.pdf>
> for an SBOM, and SPDX is one of them. Current details are available from
> the last NTIA formats and tooling quarterly checkpoint last month
> <https://www.ntia.gov/files/ntia/publications/ntia_sbom_tooling_2021-q2-checkpoint.pdf>.
> Also, last month NTIA hosted a plugfest, and all but one tool was able to
> create an SPDX SBOM.
>
> The NTIA community has been key to getting SBOM in this EO. Some of you
> will remember Allan Friedman from NTIA's presentation to our group last
> year, as well as Ed Heierman from the HealthCare PoC on what they found
> using SPDX, so it's very exciting to see this emerge.
>
> Thanks,
> Kate

--
Steve Winslow
VP, Compliance and Legal
The Linux Foundation
[email protected]
