Network World

SPDX Readies a New Specification for License and Copyright Reporting

The days of endlessly grepping source code for license and copyright information may be coming to a close. If the new Software Package Data Exchange (SPDX) project becomes popular, such information ...
Dark Reading

IBM Contributes Supply Chain Security Tools to OWASP

IBM has contributed two open source supply chain tools — SBOM Utility and License Scanner — to the Open Worldwide Application Security Project (OWASP) Foundation's CycloneDX Software Bill of Materials ...