Thanks, Phil - I'm very much looking forward to the configurable profiles
capability.

 

Thanks,

 

Dick Brooks



 <https://reliableenergyanalytics.com/products> Never trust software, always
verify and report!™

 <http://www.reliableenergyanalytics.com/>
http://www.reliableenergyanalytics.com

Email:  <mailto:[email protected]>
[email protected]

Tel: +1 978-696-1788

 

From: [email protected] <[email protected]> On Behalf Of Phil Odence via
lists.spdx.org
Sent: Tuesday, September 14, 2021 1:16 PM
To: [email protected]
Subject: Re: [spdx] SPDX Goes ISO

 

Yes, understood. Thanks, Dick. For that use case, the President was more
concerned with a cyber attack than a license violation. This is the point of
evolving SPDX to be "configurable" with profiles to meet different use
cases.

 

 

From: [email protected] <mailto:[email protected]>  <[email protected]
<mailto:[email protected]> > on behalf of Dick Brooks
<[email protected] <mailto:[email protected]>
>
Date: Tuesday, September 14, 2021 at 12:44 PM
To: [email protected] <mailto:[email protected]>  <[email protected]
<mailto:[email protected]> >
Subject: Re: [spdx] SPDX Goes ISO

Phil,

 

Minimal SBOM elements specified by NTIA for Executive Order
(EO) 14028 do not include license data element requirements (see attached).
The EO and the NTIA SBOM minimal elements focus on Cyber risk, i.e. C-SCRM,
whereas license management is a Legal/Financial risk.

 

The use of SBOM for license legal risk management is indeed a good practice,
but it is not required to satisfy NTIA minimal SBOM requirements for EO
14028. 

 

Thanks,

 

Dick Brooks



 
<https://urldefense.com/v3/__https:/reliableenergyanalytics.com/products__;!
!A4F2R9G_pg!MP3dW6x6ax5cv9cLKPaJWKoLw3fcFsIY7p-P5anZJtnAl_QOc8_yNC1s0P6Di8H_
iqa64WfF$> Never trust software, always verify and report!™

 
<https://urldefense.com/v3/__http:/www.reliableenergyanalytics.com/__;!!A4F2
R9G_pg!MP3dW6x6ax5cv9cLKPaJWKoLw3fcFsIY7p-P5anZJtnAl_QOc8_yNC1s0P6Di8H_iqufK
v0t$> http://www.reliableenergyanalytics.com

Email:  <mailto:[email protected]>
[email protected]

Tel: +1 978-696-1788

 

From: [email protected] <mailto:[email protected]>  <[email protected]
<mailto:[email protected]> > On Behalf Of Phil Odence via lists.spdx.org
Sent: Tuesday, September 14, 2021 11:53 AM
To: [email protected] <mailto:[email protected]> 
Subject: Re: [spdx] SPDX Goes ISO

 

Thanks, Matija. Absolutely not just license compliance. Security too is a
big driver and an important part/direction of SPDX.

 

From: [email protected] <mailto:[email protected]>  <[email protected]
<mailto:[email protected]> > on behalf of Matija Šuklje
<[email protected] <mailto:[email protected]> >
Date: Tuesday, September 14, 2021 at 10:31 AM
To: [email protected] <mailto:[email protected]>  <[email protected]
<mailto:[email protected]> >
Subject: Re: [spdx] SPDX Goes ISO

Congratulations!

This is indeed a massive step for the software world, and hopefully not just
in terms of license compliance!


hip hip hurrah!
Matija
-- 
gsm:    tel:+386.41.849.552
www:
https://urldefense.com/v3/__https://matija.suklje.name__;!!A4F2R9G_pg!JDcVm_
7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$
<https://urldefense.com/v3/__https:/matija.suklje.name__;!!A4F2R9G_pg!JDcVm_
7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$>  
xmpp:   [email protected] <mailto:[email protected]> 
sip:    [email protected] <mailto:[email protected]> 











View/Reply Online (#1456): https://lists.spdx.org/g/spdx/message/1456