
News & Announcements

Aug 9, 2023

Deciphering VEX and SPDX: A Deep Dive into Software Vulnerability Analysis and Reporting

In an enlightening YouTube presentation, Adolfo delved into the fascinating world of VEX and SPDX, detailing the implications of software vulnerabilities and how these can be tracked, assessed, and communicated. Understanding this process is pivotal for tech enthusiasts, software developers, and cybersecurity professionals, as it aids in managing software vulnerabilities…

Aug 2, 2023

A Step-by-Step Guide to Signing an SPDX SBOM with Sigstore’s Cosign

This post was written with the inestimable help of Luke Hinds of the Sigstore community who helped review it and edit it. As software supply chain security becomes increasingly important, organizations are looking for robust methods to verify the integrity and authenticity of their software components. One such approach is the…

Jul 25, 2023

Leveraging Profiles for License Compliance: Insights from SPDX Mini Summit

The SPDX Mini Summit, held at the Open Source Summit North America 2023, brought together industry experts to discuss the latest developments in open software at large. The focus of this year’s session, though, was the software supply chain. The SPDX mini summit was thus one of the highlights of the…

Jul 18, 2023

Providing Transparency at Software Development’s core process: build time.

The SPDX mini summit held at the prestigious Open Source Summit North America 2023 in Vancouver, Canada, brought together industry experts to discuss cutting-edge developments in software development. Among the standout presentations was the talk by Brandon Lum and Nisha Kumar, where they shed light on the transformative potential of…

Jun 27, 2023

Unraveling the World of Software Bill of Materials: A Brief Guide

by Jeff Shapiro & Gary O'Neall. SPDX 3.0 Mini Summit OSSNA 2023 🇨🇦 blog post series. This post is a bit of an oddball because, technically, this talk did not take place during the SPDX mini summit. It was part of Supply Chain Security Con hosted at OSSNA 2023. But…