SPDX becomes internationally recognized standard

In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.


The Linux Foundation announced Thursday that the Software Package Data Exchange (SPDX) specification has been published as ISO/IEC 5962:2021 and recognized as the open standard for security, license compliance and other software supply chain artifacts.

Software bills of materials are used to communicate information in policies or tools to ensure compliant, secure development across global software supply chains. 

“SPDX plays an important role in building more trust and transparency in how software is created, distributed and consumed throughout supply chains,” said Jim Zemlin, executive director, the Linux Foundation,…

Keep reading the full content on the TechRepublic site.

