General Meeting/Minutes/2020-04-02

Guest Speaker- Allan Friedman, NTIA

NTIA’s Multistakeholder SBOM Process
- Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM.
- Allan’s slides https://drive.google.com/open?id=1KOsm6grnSZ5FsSnzTI9ybYT9m84F8Zfe

Finalized updates to license inclusion principles
- Mostly clarifications
- But also to broaden a bit for non-OSS source available licenses
- https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md
3.9 list release has been pushed out a bit
- Were waiting for above
- https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22
In anticipation of 3.0 working on a licensing profile
With Tech Team, updating back end of SPDX website to manage move from Drupal to Wordpress
- Maintaining license URLs
- Static pages moving do a different domain.