The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We held our fourth meeting on Monday the 18th of May at 5pm Pacific with two guest speakers.
This time we unpacked how the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.
Check Out the Full Series