External link: SPDX Software Supply Chain Spec Becomes an ISO Standard
Great article by Steven J. Vaughan-Nichols:

“Alas, many of you haven’t heard of Software Package Data Exchange (SPDX). That’s a pity because SPDX is what’s going to save us from the misery of software supply chain attacks such as SolarWinds. Fortunately, while most of us haven’t been paying attention, the Linux Foundation and businesses such as Intel, Microsoft, and VMware, have been pushing it forward and now SPDX has become an International Standards Organization (ISO) standard: ISO/IEC 5962:2021.”

Shane Coughlan
OpenChain General Manager