Discover Organizations/Events News

SPDX becomes internationally recognized standard

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In use for a decade as the de facto standard for communicating software bills of materials, The Linux Foundation has announced that the Software Package Data Exchange (SPDX) specification has been published as ISO/IEC 5962:2021 and recognized as the open standard for security, license compliance and other software supply chain artifacts.