ISO Admits SPDX as a Standard for SBOMs

Interview with Kate Stewart, VP of dependable embedded systems at the Linux Foundation

In late August, the Software Package Data Exchange® (SPDX®) specification was published as an ISO standard (ISO/IEC 5962:2021). Intel, Microsoft, Siemens, Sony, VMware, and WindRiver are just some of the companies already using SPDX for SBOM information in policies or tools to ensure compliant, secure development across global software supply chains. 


Kate Stewart, VP of dependable embedded systems at the Linux Foundation, worked with the Joint Development Foundation and the SPDX community to publish this standard. In this interview, she explains the value of the standard and what it means for DevSecOps professionals.

Resource for using the SPDX standard: video interview with Kate Stewart (embedded player in the original post).

