News & Announcements
Oct 3, 2025
SPDX Responds to CISA Minimum Elements RFC
About a month ago, CISA requested industry/community comment on a proposed new minimum set of SBOM elements to replace the original NTIA list. Few people on the planet have thought as much about what belongs in an SBOM than the SPDX tech team which took up the discussion. With input…
Sep 19, 2025
CISA Considering New Set of Minimum Elements
CISA has requested comment on a new set of minimum elements for SBOMs (on top of the original NTiA set). This short announcement describes the process: https://www.cisa.gov/news-events/alerts/2025/08/22/cisa-requests-public-comment-updated-guidance-software-bill-materials The SPDX Tech Team will be responding to the request for comments and will report back to the SPDX community.
Sep 17, 2025
SBOM Vision
In collaboration with NSA and a number of foreign cybersecurity agencies, CISA just just published this easily consumable SBOM vision document. https://www.cisa.gov/sites/default/files/2025-09/joint-guidance-a-shared-vision-of-software-bill-of-materials-for-cybersecurity_508c.pdf
Jul 29, 2025
A Guide to the GitHub SPDX Repo
We just published a readme file at the top level of the repository that provides a great overview of the contents and where to find what. https://github.com/spdx
Mar 5, 2025
Kudos for Yocto support of SPDX SBOMs
Check out this posting and the accompanying article that give a shout out to the Yocto SBOM work that Joshua Watt briefed us on at the last General Meeting. https://www.linkedin.com/posts/vpetersson_im-excited-by-yoctos-sbom-capabilities-activity-7298791001526063106-qqsc/#?lipi=urn%3Ali%3Apage%3Ad_flagship3_detail_base%3Brv%2FCdMTgS36PFZd4RZTQPg%3D%3D https://sbomify.com/2025/02/21/mastering-sbom-generation-with-yocto/