SPDX becomes internationally recognized standard
In use for a decade as the de facto standard for communicating software bills of materials, The Linux Foundation has announced that the Software Package Data Exchange (SPDX) specification has been published as ISO/IEC 5962:2021 and recognized as the open standard for security, license compliance and other software supply chain artifacts.
