ShiftLeft Academy

ISO Admits SPDX as a Standard for SBOMs

Interview with Kate Stewart, VP of dependable embedded systems at the Linux Foundation

In late August, the Software Package Data Exchange® (SPDX®) specification was published as an ISO standard (ISO/IEC 5962:2021). Intel, Microsoft, Siemens, Sony, VMware, and Wind River are just some of the companies already using SPDX for SBOM information in policies or tools to ensure compliant, secure development across global software supply chains.

 

Kate Stewart, VP of dependable embedded systems at the Linux Foundation, worked with the Joint Development Foundation and the SPDX community to publish this standard. In this interview, she explains the value of this standard, as well as what it means to DevSecOps pros.

Resource for using the SPDX standard: https://spdx.dev
