BEGIN:VCALENDAR
PRODID:-//Google Inc//Google Calendar 70.9054//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:REQUEST
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/Los_Angeles:20250109T080000
DTEND;TZID=America/Los_Angeles:20250109T090000
DTSTAMP:20250107T180109Z
ORGANIZER;CN=Rose Judge:mailto:[email protected]
UID:[email protected]
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;[email protected];X-NUM-GUESTS=0:mailto:jshapiro@linuxfoundation.org
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=ACCEPTED;RSVP=TRUE;CN=Rose Judge;X-NUM-GUESTS=0:mailto:[email protected]
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;[email protected];X-NUM-GUESTS=0:mailto:[email protected]
X-MICROSOFT-CDO-OWNERAPPTID:1089951994
CREATED:20250107T180106Z
DESCRIPTION:Hello SPDX Team\,\n\nThe January General Meeting is happening this Thursday\, January 9th. We have a great presentation planned from Gary O'Neall and Jeff Shapiro\, Generating SBOMs for Critical LF Projects.\n\nAbstract: We’ve been doing source level license scans for LF projects for a long time including generating SPDX formatted files\, but what about SBOMs that can meet (and exceed) the government minimum specification? Here at the LF\, we are now leveraging our existing scanning capabilities to generate SPDX SBOMs for these same critical open source projects.\n\nIn the LF spirit\, we are using existing open source tools to scan project dependencies to produce an SBOM that meets the minimum spec. We are also producing dependency level license data to complement our source level scans. In the near future we will be combining these to produce a grand unified SBOM that will meet a newly defined LF minimum specification for SBOMs.\n\nWe will talk about our process to generate these SBOMs\, the challenges we faced\, our future plans\, and share more about how you can make use of these for the projects you care about most.\n\nJeff Shapiro is the Director of License Scanning for The Linux Foundation. He has over 30 years of experience in the software industry\, including 10 years in software auditing\, open source scanning\, and training developers in OSS license compliance.\n\nGary O'Neall is a contributor to SPDX specifications and tooling. Gary O’Neall is also responsible for product development and technology for Source Auditor Inc.\, a software and service company helping software companies manage the technical and legal risks of open-source software.\n\nMeeting Time: Thursday\, January 9\, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html\n\nConf call dial-in:\nJoin the meeting: https://meet.jit.si/SPDXGeneralMeeting . To join by phone instead\, tap this: +1.512.647.1431\,\,1310118349# Looking for a different dial-in number? See meeting dial-in numbers: https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting. If also dialing-in through a room phone\, join without connecting to audio: https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true\n\nEtherpad for minutes:\nhttps://spdx.swinslow.net/p/spdx-general-minutes\n\nMeeting Agenda:\nAdministrative Agenda\n - Approve meeting minutes from last month\n - Attendance\n\nSpecial Presentation from Gary O'Neall and Jeff Shapiro - "Generating SBOMs for Critical LF Projects"\n\nTechnical Team Report – Kate/Gary/OthersOverview\n    • Specification and Profiles\n    • Core & Software\n    • Security\n    • Licensing\n    • Build\n    • Lite\n    • AI\n    • Dataset\n    • Functional Safety\n    • Canonicalization/Serialization\n    • Software as a Service\n    • Hardware\n    • Tooling + Implementers\n\nLegal Team Report – Jilayne/Steve\n\nOutreach/Website Team Report – Alexios/Bob\n\nGeneral Announcements
LAST-MODIFIED:20250107T180106Z
LOCATION:https://meet.jit.si/SPDXGeneralMeeting
SEQUENCE:0
STATUS:CONFIRMED
SUMMARY:January SPDX General Meeting
TRANSP:OPAQUE
BEGIN:VALARM
ACTION:DISPLAY
DESCRIPTION:This is an event reminder
TRIGGER:-P0DT0H10M0S
END:VALARM
END:VEVENT
END:VCALENDAR
invite.ics
Description: application/ics
