The current state of SBOMs and SPDX

Updates for 2023

Software Bills of Materials (SBOMs) are rapidly becoming more important in the software supply chain. Software Package Data Exchange (SPDX) is a freely available ISO standard that defines how to communicate information about software components: not only metadata such as name and version, but also licensing and security information.

In this talk, we will present the latest updates from the ever-changing landscape of SBOMs and SPDX, focusing on real-world use cases. Familiarity with the concepts will not be assumed, as they will be briefly explained.