SPDX (Software Package Data Exchange) is an open standard developed by the Linux Foundation to communicate SBOM details, including components, licenses, copyrights, and security references, and is recognized internationally as ISO/IEC 5962:2021.

Authors

• Person: Not available Organization: Department for Science, Innovation and Technology
  Open source software best practices and supply chain risk ... - GOV.UK

Sources

• Open source software best practices and supply chain risk ... - GOV.UK www.gov.uk Department for Science, Innovation and Technology via serper

Referenced by nodes (2)

• The Linux Foundation entity
• SPDX concept