SBOM Implementation Reality - The SPDX Lite Profile for First Step

Explore the SPDX Lite profile, a lightweight and compact Software Bill of Materials (SBOM) specification, in this 38-minute conference talk by Norio Kobota from Sony Group Corporation and Takashi Ninjouji from Toshiba Corporation. Discover the background and purpose of SPDX Lite, designed to simplify SBOM creation for companies with limited resources. Learn how this profile addresses the growing importance of SBOMs in government and industry contexts. Examine JSON examples demonstrating practical SBOM implementation using the Lite profile of SPDX 3.0. Gain insights into the collaborative efforts between the OpenChain and SPDX projects to make SBOMs more accessible and practical for security assurance and license compliance. Understand how SPDX Lite facilitates SBOM sharing across global software supply chains in various industries. Acquire knowledge on taking the first steps towards creating an SBOM that meets regulatory requirements through multiple example documents presented during the session.

SBOM Implementation Reality - the SPDX Lite Profile for First Step - Norio Kobota & Takashi Ninjouji