Loading…
November 19-21 2024
Napa, California
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the event to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC/GMT -8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

← Back to schedule
SPDX: From Software to Systems - Gary O'Neall, Source Auditor Inc. & Kate Stewart, The Linux Foundation
Thursday November 21, 2024 12:00pm - 12:30pm PST
Sebastiani & Beringer
The “Software” Product Data Exchange was created in 2010 to provide machine and human readable metadata for licensing information to consumers of open source software. Over the years, the SPDX community has added support for a wide range of additional use cases. Complex software component interactions between open source and proprietary as well as the requirements to support SBOMs optimized for security risk management have been driving forces for many of the changes. With the SPDX 3.0 release and work being done for the upcoming SPDX 3.1 release, the scope of SPDX has expanded beyond software to entire systems including datasets, AI models, services and hardware. This will enable consumers to satisfy additional use cases in areas like product safety and export regulation compliance. With the SPDX 3.0, we’ve renamed SPDX from “Software” Product Data Exchange to “System” Product Data Exchange to better reflect where the project is aiming. In this talk, we’ll go over changes we’ve made to the SPDX model to support systems, the additional profiles that are focused on system level problems and what this means to both the producers and consumers of SPDX data.
Speakers
avatar for Kate Stewart

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation
Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. She has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects. With more than 30 years of experience... Read More →
avatar for Gary O'Neall

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.
Gary is a contributor to the Software Package Data Exchange® (SPDX™) - an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools. Gary O’Neall is... Read More →
Thursday November 21, 2024 12:00pm - 12:30pm PST
Sebastiani & Beringer
  Security & Trust & Ethics in Open Source
  • Content Experience Level Any

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link