News & Announcements
Nov 13, 2024
Implementing an AI BOM
As global regulations on AI software tighten, developers face a complex set of new, ambiguous rules. The AI Software Bill of Materials (AI BOM), especially the new SPDX 3.0 with AI and dataset profiles, offers a promising solution for compliance, providing detailed, machine-readable documentation of AI systems. Despite its benefits,…
Sep 4, 2024
SBOM Adoption Paper
Check out this great new Linux Foundation paper on implementing SBOMs and how it helps with license compliance and application security. Author Ibrahim Haddid provides great insights into this important topic. SPDX is prominently featured.
Jul 9, 2024
Linux Foundation announces SPDX 3.0
In case you missed it, the Linux Foundation excitedly announced the latest version of SPDX. It's a great summary of the cool new architecture, use cases and features.
Nov 6, 2023
Capturing Software Vulnerability Data in SPDX 3.0
The flexibility of SPDX 3.0 allows users to either link SBOMs to external security vulnerability data or to embed security vulnerability information in the SPDX 3.0 data format, thanks to support for a security-specific profile. This is different from SPDX version 2, which enabled users to link an SBOM to…
Oct 9, 2023
Understanding SPDX Profiles
On the surface, profiles are pretty straight forward - they are a way of organizing a specification that covers a broad array of use cases into “profiles” more specific to what a specific producer or consumer of SPDX data may be interested in.
