SPDXv3: Advancing Transparency in Software

A newly released standard for complete information

13:20, 15 mins, 08/11/2024

SBOMs are a crucial tool for understanding the composition of software, which is particularly important in the context of managing security risks and licensing compliance. Recent regulatory efforts from, among others, the US and the EU explicitly move towards requiring an SBOM for each software delivery.
SPDX (System Package Data Exchange) is a freely available ISO standard that provides a set of specifications for communicating SBOM information. It offers a common format for companies and organizations to share important data accurately and efficiently.

This presentation will delve into the details of the newly released version of SPDX, providing a comprehensive understanding of its importance in the software industry.