News & Announcements
Sep 4, 2024
SBOM Adoption Paper
Check out this great new Linux Foundation paper on implementing SBOMs and how it helps with license compliance and application security. Author Ibrahim Haddad provides great insights into this important topic. SPDX is prominently featured.
Jul 9, 2024
Linux Foundation announces SPDX 3.0
In case you missed it, the Linux Foundation excitedly announced the latest version of SPDX. It's a great summary of the cool new architecture, use cases and features.
Nov 6, 2023
Capturing Software Vulnerability Data in SPDX 3.0
The flexibility of SPDX 3.0 allows users to either link SBOMs to external security vulnerability data or to embed security vulnerability information in the SPDX 3.0 data format, thanks to support for a security-specific profile. This is different from SPDX version 2, which enabled users to link an SBOM to…
Oct 9, 2023
Understanding SPDX Profiles
On the surface, profiles are pretty straightforward - they are a way of organizing a specification that covers a broad array of use cases into “profiles” more specific to what a particular producer or consumer of SPDX data may be interested in.
Aug 9, 2023
Deciphering VEX and SPDX: A Deep Dive into Software Vulnerability Analysis and Reporting
In an enlightening YouTube presentation, Adolfo delved into the fascinating world of VEX and SPDX, detailing the implications of software vulnerabilities and how these can be tracked, assessed, and communicated. Understanding this process is pivotal for tech enthusiasts, software developers, and cybersecurity professionals, as it aids in managing software vulnerabilities…