SAN FRANCISCO, September 9, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Software Package Data Exchange® (SPDX®) specification has been published as ISO/IEC 5962:2021 and recognized as the open standard for security, license compliance, and other software supply chain artifacts. ISO/IEC JTC 1 is an independent, non-governmental standards body.
Read full article on Linux.com