
SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Posted Sep 11, 2021 20:07 UTC (Sat) by bokr (guest, #58369)
In reply to: SPDX Becomes Internationally Recognized Standard for Software Bill of Materials by fw
Parent article: SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

However, ISO can and does change the rules for specific standards.
------------------------------------------------------------------

Who made the rules that ISO must adhere to?

Maybe THEY could mandate that official standards
must be digitally signed and sent to countries' National Libraries
(e.g. US Library of Congress) for public free (beer and libre) access.

... And disallow gaming "official"-naming so ISO (or other standard-producers)
can't say "...not official yet, but for a price..." a

Important public standards work needs to be funded, yes,
but the current tollgate method is perverse.

Idea: Tax-fund public national libraries to enable them
 to funnel grants to the standards-producers of anything
 to be named "official."

 And let them pay recognized developers/writers directly
 to bypass pay-the-piper controls of organizations.
 (obviously rules will be needed to keep the pipeline-tappers
 from this funding flow, so expect a monitoring group to form
 whose only purpose will eventually be to keep existing :)



SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Posted Sep 11, 2021 21:54 UTC (Sat) by Vipketsh (guest, #134480)

The funding situation, I think, is really just an excuse.

There are pretty much two cases of standards: (i) when it is used to unify markets to everyone's benefit (e.g. electrical wiring) and (ii) when companies use standards as advertising and/or a political play to make their crap be used by everyone over a competitor's. The first case is something that works only if backed by big governments or corporations & thus makes sense for them to fund it and in the second case anyone other than the companies involved funding the exercise is unfair.

An example of a good model that works in some cases is the one USB had (don't know the situation with USB4): the text of the standard is available to everyone for free, but if you want to sell a device claiming to be "USB compatible" with the logo you need to pay the organisation some money. Thereby facilitating individuals' access, all the while making the ones who have an interest and can, fund further development. I think HDMI before 2.0 had a similar model.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Posted Sep 12, 2021 17:40 UTC (Sun) by jebba (guest, #4439)

> The funding situation ...

Out of curiosity I looked it up. The latest ISO annual report[1] is from 2019. It shows total revenue as 43,157,000 CHF, around $50 million USD. A bit less than half of that comes from sales royalties and direct sales. So it would cost around $20 mil USD/year for the standards to be publicly available without ISO losing any revenue. Over half that is from royalties though, so member organizations (e.g. ANSI) would potentially be out of revenue too. Overall, considering the companies involved and the global scope, the dollar amounts are trivial. ISO is an NGO (non-governmental organization) based in Switzerland.

[1] PDF page 33, https://www.iso.org/files/live/sites/isoorg/files/store/e...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds