On Thu, 2021-09-09 at 15:02 +0000, Phil Odence via lists.spdx.org wrote: > I’m pleased to announce that SPDX is now ISO/IEC 5962:2021. > > Many people have worked hard over the last decade to get us to this point. Big > credit goes to my Steering Committee colleagues who have all been > instrumental. > And we should recognize that this was all Kate’s brainchild. I believe it was > Fall of 2009 when she started informally socializing the idea of a standard > SBOM > format at Linux Foundation events. Not too long thereafter, in the then single > weekly meeting, early participants began debating whether it should be SPDE, > ultimately deciding “X” at the end would be catchier. And now it’s officially > caught. > > Here’s the LF press release: > http://www.linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials >
This is great news, very happy to see it and kudos to everyone involved. People may also be interested to know that we just merged SPDX SBOM generation into OpenEmbedded-Core, just before our feature freeze for our October release (3.4). This means that Yocto Project will have SPDX and hence ISO compliant SBOM generation out the box from then and hence on our next LTS planned for April. http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=f1a34a63e44dc444ed213c48bfeab9da1196bfc8 (and following patches) Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1440): https://lists.spdx.org/g/spdx/message/1440 Mute This Topic: https://lists.spdx.org/mt/85486398/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
