An open standard describing SBOMs (Software Bill of Materials), communicating a release: name, version, components, licenses, copyrights, and useful security references. As a common format, SPDX reduces redundant work related to sharing important release data, thereby streamlining distribution and compliance.
The SPDX specification is a freely available international open standard (ISO/IEC 5692:2021).
SPDX is organized in areas of interest or profiles focused on specific user needs.
Aug 9, 2023
In an enlightening YouTube presentation, Adolfo delved into the fascinating world of VEX and SPDX, detailing the implications of software vulnerabilities and how these can be tracked, assessed, and communicated. Understanding this process is pivotal for tech enthusiasts, software developers, and cybersecurity professionals, as it aids in managing software vulnerabilities…
Aug 2, 2023
This post was written with the inestimable help of Luke Hinds of the Sigstore community who heped review it and edit it. As software supply chain security becomes increasingly important, organizations are looking for robust methods to verify the integrity and authenticity of their software components. One such approach is the…
