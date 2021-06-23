Backed by many of the world’s largest companies for more than a decade, the Software Package Data Exchange (SPDX) specification is now an internationally recognized ISO/IEC JTC 1 standard.

The Linux Foundation announced Thursday that the SPDX specification has been published as ISO/IEC 5962:2021. It is now the open standard for security, license compliance, and other software supply chain artifacts.

This comes during a transformational time for software and supply chain security.