
SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Posted Sep 12, 2021 22:32 UTC (Sun) by hazmat (subscriber, #668)
Parent article: SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Last I checked, SPDX had no way to declare non-OSS (aka commercial/proprietary) licenses in metadata outside of unknown :/ Making it a standard for SBOM seems rather limited in that regard, which, given that is one of its primary purposes (aka declaring artifacts and licenses), leaves me with trepidation.



SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Posted Sep 13, 2021 8:37 UTC (Mon) by k3ninho (subscriber, #50375) [Link] (1 responses)

The strength is the shorthand for common licence declarations and assembling a manifest/bill of materials, but those common F/LOSS licences are declared in an SPDX format. The proprietor of proprietary software could easily enclose theirs in SPDX Licence Expressions as defined in Appendix IV.
 
K3n.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Posted Sep 13, 2021 16:22 UTC (Mon) by perennialmind (guest, #45817) [Link]

There's also the explicit `NONE` for "all rights reserved". That and `NOASSERTION` are special cases slated to be promoted to AND-able expressions.

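As an added example (not code from the thread, from LWN or from the SPDX project), here is a small parser for an SPDX 2.x licence field in the sense the two replies describe: a proprietary licence travels as a LicenseRef- identifier inside an ordinary licence expression, while NONE and NOASSERTION are accepted only as whole-field values, not as AND operands. The function names and the sample identifiers (such as LicenseRef-Acme-EULA) are my own assumptions.

```python
import re

TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9.+:\-]+|\S")   # a lone \S is a stray char, rejected below
LICENSE_REF_RE = re.compile(r"^(DocumentRef-[A-Za-z0-9.\-]+:)?LicenseRef-[A-Za-z0-9.\-]+$")
LICENSE_ID_RE = re.compile(r"^[A-Za-z0-9.\-]+\+?$")     # listed short id, optional "+" (or-later)
KEYWORDS = {"AND", "OR", "WITH", "(", ")"}

class _Parser:  # precedence per SPDX 2.x licence-expression annex: "+", WITH, AND, OR
    def __init__(self, expr): self.toks, self.i = TOKEN_RE.findall(expr), 0
    def peek(self): return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self): tok = self.peek(); self.i += 1; return tok
    def parse_or(self):                                   # lowest precedence
        left = self.parse_and()
        while self.peek() == "OR": self.take(); left = ("OR", left, self.parse_and())
        return left
    def parse_and(self):
        left = self.parse_with()
        while self.peek() == "AND": self.take(); left = ("AND", left, self.parse_with())
        return left
    def parse_with(self):
        left = self.parse_atom()
        if self.peek() != "WITH": return left
        self.take(); exc = self.take()
        if exc is None or exc in KEYWORDS or not LICENSE_ID_RE.match(exc):
            raise ValueError(f"bad exception id after WITH: {exc!r}")
        return ("WITH", left, exc)
    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")": raise ValueError("missing ')'")
            return node
        if tok in ("NONE", "NOASSERTION"):                # whole-field values only, not AND-able
            raise ValueError(f"{tok} is not valid inside a license expression")
        if tok is None or tok in KEYWORDS: raise ValueError(f"unexpected token {tok!r}")
        if LICENSE_REF_RE.match(tok): return ("REF", tok)   # custom/proprietary licence text
        if LICENSE_ID_RE.match(tok): return ("ID", tok)     # SPDX-listed short identifier
        raise ValueError(f"not a license id or LicenseRef: {tok!r}")

def parse_license_field(value):  # -> ("NONE",), ("NOASSERTION",) or a tuple tree
    value = value.strip()
    if value in ("NONE", "NOASSERTION"): return (value,)   # whole-field special values
    p = _Parser(value); tree = p.parse_or()
    if p.peek() is not None: raise ValueError(f"trailing token {p.peek()!r}")
    return tree

def license_refs(tree):   # LicenseRef- ids: licences whose text the SBOM must carry itself
    if tree[0] == "REF": return [tree[1]]
    if tree[0] in ("AND", "OR"): return license_refs(tree[1]) + license_refs(tree[2])
    return license_refs(tree[1]) if tree[0] == "WITH" else []
```

A consumer checking an SBOM can thus flag every LicenseRef- operand for manual review of its attached licence text, while a bare NONE or NOASSERTION field stands out as "no licence granted" or "no claim made" rather than being mistaken for a licence.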

Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds