ISO Admits SPDX as a Standard for SBOMs

October 21, 2021

Interview with Kate Stewart, VP of dependable embedded systems at the Linux Foundation

In late August, the Software Package Data Exchange® (SPDX®) specification was published as an ISO standard (ISO/IEC 5962:2021). Intel, Microsoft, Siemens, Sony, VMware, and WindRiver are just some of the companies already using SPDX for SBOM information in policies or tools to ensure compliant, secure development across global software supply chains. 

 

Kate Stewart, VP of dependable embedded systems at the Linux Foundation, worked with the Joint Development Foundation and the SPDX community to publish this standard. In this interview, she explains the value of the standard and what it means for DevSecOps professionals.

Resource for using the SPDX standard: https://spdx.dev
