home.social

#spdx — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #spdx, aggregated by home.social.

  1. Moet de overheid SBOM-standaarden (CycloneDX & SPDX) verplicht toepassen?

    Forum Standaardisatie onderzoekt dit en zoekt experts uit publieke en private sector om mee te denken. Uw kennis over softwarebeveiliging helpt ons bij de toetsing voor de ‘Pas toe of leg uit’-lijst.

    📆 25 juni 2026, 10:00-14:00 (midden-Nederland)
    Lunch is inbegrepen.

    📧 Interesse? Mail ons: [email protected]

    Meer info: forumstandaardisatie.nl/nieuws

    #SBOM #CycloneDX #SPDX #OpenStandaarden #Overheid

  2. Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.

    Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.

    Waarom nu?
    De onzekerheid over Europese regelgeving is weggenomen:
    👉 NEN-conceptnormen sluiten aan bij de praktijk.
    👉 CycloneDX en SPDX worden erkend.
    👉 Geen normconflicten met de EU.

    Lees meer: forumstandaardisatie.nl/nieuws

  3. Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.

    Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.

    Waarom nu?
    De onzekerheid over Europese regelgeving is weggenomen:
    👉 NEN-conceptnormen sluiten aan bij de praktijk.
    👉 CycloneDX en SPDX worden erkend.
    👉 Geen normconflicten met de EU.

    Lees meer: forumstandaardisatie.nl/nieuws

  4. Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.

    Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.

    Waarom nu?
    De onzekerheid over Europese regelgeving is weggenomen:
    👉 NEN-conceptnormen sluiten aan bij de praktijk.
    👉 CycloneDX en SPDX worden erkend.
    👉 Geen normconflicten met de EU.

    Lees meer: forumstandaardisatie.nl/nieuws

  5. Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.

    Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.

    Waarom nu?
    De onzekerheid over Europese regelgeving is weggenomen:
    👉 NEN-conceptnormen sluiten aan bij de praktijk.
    👉 CycloneDX en SPDX worden erkend.
    👉 Geen normconflicten met de EU.

    Lees meer: forumstandaardisatie.nl/nieuws

  6. Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.

    Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.

    Waarom nu?
    De onzekerheid over Europese regelgeving is weggenomen:
    👉 NEN-conceptnormen sluiten aan bij de praktijk.
    👉 CycloneDX en SPDX worden erkend.
    👉 Geen normconflicten met de EU.

    Lees meer: forumstandaardisatie.nl/nieuws

  7. New #SPDX License List has been published github.com/spdx/license-list-X
    It includes 33 new licenses and many markup changes to existing licenses. Many of them were added via #Fedora contributors and fedora-license-data.

  8. Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!

    #SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

  9. Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!

    #SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

  10. Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!

    #SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

  11. Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!

    #SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

  12. Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!

    #SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

  13. The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

    fosdem.org/2026/schedule/event

    #SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

  14. The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

    fosdem.org/2026/schedule/event

    #SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

  15. The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

    fosdem.org/2026/schedule/event

    #SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

  16. The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

    fosdem.org/2026/schedule/event

    #SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

  17. The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

    fosdem.org/2026/schedule/event

    #SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

  18. At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!

    orcwg.org/participate/

    #SBOM #CYCLONEDX #SPDX #PURL

  19. At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!

    orcwg.org/participate/

    #SBOM #CYCLONEDX #SPDX #PURL

  20. At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!

    orcwg.org/participate/

    #SBOM #CYCLONEDX #SPDX #PURL

  21. At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!

    orcwg.org/participate/

    #SBOM #CYCLONEDX #SPDX #PURL

  22. At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!

    orcwg.org/participate/

    #SBOM #CYCLONEDX #SPDX #PURL

  23. Finally, complete the v1 of spdxconv.

    spdxconv is a program to convert existing licenses and copyrights into identifiers or insert new ones. This program works in tandem with software.

    Features:

    * REUSE Integration: Detects annotations from REUSE.toml.
    * Customizable Defaults: Set default license identifiers and copyright holders.
    * Smart Comments: Customizable patterns to set comment syntax ...

    See git.sr.ht/~shulhan/spdxconv/ for more information.

  24. PEP 770 was accepted in April of this year, what has happened since then?

    * Published a white paper on PEP 770 and phantom dependencies
    * Auditwheel, manylinux, and cibuildwheel adoption
    * Over 300 projects already ship with PEP 770 SBOM data
    * Fedora and Red Hat adopted PEP 770 for Python packages

    Read more: sethmlarson.dev/pep-770-sbom-d

    #Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel

  25. PEP 770 was accepted in April of this year, what has happened since then?

    * Published a white paper on PEP 770 and phantom dependencies
    * Auditwheel, manylinux, and cibuildwheel adoption
    * Over 300 projects already ship with PEP 770 SBOM data
    * Fedora and Red Hat adopted PEP 770 for Python packages

    Read more: sethmlarson.dev/pep-770-sbom-d

    #Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel

  26. PEP 770 was accepted in April of this year, what has happened since then?

    * Published a white paper on PEP 770 and phantom dependencies
    * Auditwheel, manylinux, and cibuildwheel adoption
    * Over 300 projects already ship with PEP 770 SBOM data
    * Fedora and Red Hat adopted PEP 770 for Python packages

    Read more: sethmlarson.dev/pep-770-sbom-d

    #Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel

  27. PEP 770 was accepted in April of this year, what has happened since then?

    * Published a white paper on PEP 770 and phantom dependencies
    * Auditwheel, manylinux, and cibuildwheel adoption
    * Over 300 projects already ship with PEP 770 SBOM data
    * Fedora and Red Hat adopted PEP 770 for Python packages

    Read more: sethmlarson.dev/pep-770-sbom-d

    #Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel

  28. PEP 770 was accepted in April of this year, what has happened since then?

    * Published a white paper on PEP 770 and phantom dependencies
    * Auditwheel, manylinux, and cibuildwheel adoption
    * Over 300 projects already ship with PEP 770 SBOM data
    * Fedora and Red Hat adopted PEP 770 for Python packages

    Read more: sethmlarson.dev/pep-770-sbom-d

    #Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel

  29. @herrfrankmann #SPDX #cybersecurity #csa #enisa #programming

    spdx.github.io/spdx-spec/v3.0.

    "The data may be serialized in a variety of formats for storage and transmission."

    "Canonical serialization is in JSON format"+ extra conditions.

    Is it just me or is that really, really stupid.

    How hard do you have to miss the point of defining a standard, when the output data needs further specification.

    Needlessly too.

    "No line breaks"

    Your (standard) parser can't handle line breaks or what?!?

  30. Naslednje #Kiberpipa srečanje bo

    v četrtek, 11.12. ob 17h
    v @muzej|u in sicer:

    • najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)

    • nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.

    dogodki.kompot.si/events/ee116
    več info in pofočkaj se ☝️

    #OprtaKoda #FOSS #JavniPodatki

  31. Naslednje #Kiberpipa srečanje bo

    v četrtek, 11.12. ob 17h
    v @muzej|u in sicer:

    • najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)

    • nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.

    dogodki.kompot.si/events/ee116
    več info in pofočkaj se ☝️

    #OprtaKoda #FOSS #JavniPodatki

  32. Naslednje #Kiberpipa srečanje bo

    v četrtek, 11.12. ob 17h
    v @muzej|u in sicer:

    • najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)

    • nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.

    dogodki.kompot.si/events/ee116
    več info in pofočkaj se ☝️

    #OprtaKoda #FOSS #JavniPodatki

  33. Naslednje #Kiberpipa srečanje bo

    v četrtek, 11.12. ob 17h
    v @muzej|u in sicer:

    • najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)

    • nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.

    dogodki.kompot.si/events/ee116
    več info in pofočkaj se ☝️

    #OprtaKoda #FOSS #JavniPodatki

  34. Naslednje #Kiberpipa srečanje bo

    v četrtek, 11.12. ob 17h
    v @muzej|u in sicer:

    • najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)

    • nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.

    dogodki.kompot.si/events/ee116
    več info in pofočkaj se ☝️

    #OprtaKoda #FOSS #JavniPodatki

  35. The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.

    toscalix.com/2025/10/14/introd

    #spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation

  36. The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.

    toscalix.com/2025/10/14/introd

    #spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation

  37. The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.

    toscalix.com/2025/10/14/introd

    #spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation

  38. The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.

    toscalix.com/2025/10/14/introd

    #spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation

  39. The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.

    toscalix.com/2025/10/14/introd

    #spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation