ISO Admits SPDX as a Standard for SBOMs
October 21, 2021
Interview with Kate Stewart, VP of dependable embedded systems at the Linux Foundation
In late August, the Software Package Data Exchange® (SPDX®) specification was published as an ISO standard (ISO/IEC 5962:2021). Intel, Microsoft, Siemens, Sony, VMware, and Wind River are just some of the companies already using SPDX for SBOM information in policies or tools to ensure compliant, secure development across global software supply chains.
Kate Stewart, VP of dependable embedded systems at the Linux Foundation, worked with the Joint Development Foundation and the SPDX community to publish this standard. In this interview, she explains the value of the standard and what it means to DevSecOps pros.
Resource for using the SPDX standard: https://spdx.dev