
OpenSSF Brings SBOM and SPDX to Python

The Open Source Security Foundation's (OpenSSF) SBOM Everywhere plan goes live with funding for the SPDX Python library.
Sep 14th, 2022 11:23am by

Dublin, Ireland — At Open Source Summit Europe, the Open Source Security Foundation (OpenSSF) announced that it had secured the funding needed to bring SBOM Everywhere, its plan to make software bills of materials (SBOMs) available in every programming language and framework, to Python.

The goal is to improve the resiliency and security of all open source software. The first step is funded work on the Software Package Data Exchange (SPDX) Python library, which began on September 1st.

SBOMs, SPDX and Python

SPDX is the ISO standard (ISO/IEC 5962:2021) for describing SBOMs. Python already had an SPDX library, but it had fallen out of date for lack of maintainers. As I think we all know, most developers don't like to work on security.

Josh Bressers, Anchore VP of Security, and Kate Stewart, SPDX Tech Lead, explained, "The SPDX Python library needed updating to bring it in line with more modern versions of SPDX and turning the code into something that is easier to maintain to make community contributions less difficult. What the SPDX Python library didn't have was volunteers with the right skills or funding to get the work done. However, the OpenSSF did have funding that could accomplish this."

Once that's done, it will be much easier to create SPDX SBOMs for any Python program. That, in turn, makes it much easier to track and secure your dependencies from the start of your development pipeline all the way to production. I like this plan.
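To make concrete what "an SPDX SBOM for a Python program" looks like, here is an added example that is not code from the SPDX Python library, the OpenSSF, or this article. It uses only the standard library: it enumerates the installed distributions with importlib.metadata, emits an SPDX 2.3 JSON document with a DESCRIBES relationship for the application and a DEPENDS_ON relationship plus a package-url for each dependency, and then runs a referential-integrity check of the kind a consumer would apply before trusting the document. The application name, version, document namespace, tool name and the SAMPLE_DEPS list are constructed placeholders for the example.

```python
"""Minimal SPDX 2.3 JSON SBOM generator for a Python environment (stdlib only).

Added example for illustration; not the SPDX Python library (spdx-tools),
which provides the full data model, parsers and validators.
"""
import json
import re
from datetime import datetime, timezone
from importlib import metadata
from typing import Iterable

DOC_NAMESPACE = "https://example.com/sbom/"   # assumed placeholder namespace
TOOL_NAME = "Tool: sbom-example-0.1"          # assumed creator string

# Constructed sample dependencies: (name, version, SPDX license expression).
SAMPLE_DEPS = [
    ("requests", "2.31.0", "Apache-2.0"),
    ("typing_extensions", "4.8.0", "NOASSERTION"),
]


def spdx_id(name: str) -> str:
    """SPDX identifiers may contain only letters, digits, '.' and '-'."""
    return "SPDXRef-Package-" + re.sub(r"[^A-Za-z0-9.\-]", "-", name)


def purl(name: str, version: str) -> str:
    """package-url for PyPI: runs of '-', '_' and '.' become '-', lowercased."""
    norm = re.sub(r"[-_.]+", "-", name).lower()
    return f"pkg:pypi/{norm}@{version}"


def installed_packages() -> list[tuple[str, str, str]]:
    """Collect (name, version, license expression) for every installed distribution.

    Only the PEP 639 License-Expression field is an SPDX expression; the older
    free-text License field is not, so anything else is reported as NOASSERTION.
    """
    pkgs = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if not name:
            continue
        lic = dist.metadata.get("License-Expression") or "NOASSERTION"
        pkgs.append((name, dist.version, lic))
    return pkgs


def build_sbom(app_name: str, app_version: str,
               deps: Iterable[tuple[str, str, str]]) -> dict:
    """Build an SPDX 2.3 JSON document: one root package plus one package per dependency."""
    root_id = spdx_id(app_name)
    packages = [{
        "name": app_name, "SPDXID": root_id, "versionInfo": app_version,
        "downloadLocation": "NOASSERTION", "filesAnalyzed": False,
        "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION",
    }]
    relationships = [{"spdxElementId": "SPDXRef-DOCUMENT",
                      "relationshipType": "DESCRIBES",
                      "relatedSpdxElement": root_id}]
    for name, version, lic in deps:
        pid = spdx_id(f"{name}-{version}")
        packages.append({
            "name": name, "SPDXID": pid, "versionInfo": version,
            "downloadLocation": "NOASSERTION", "filesAnalyzed": False,
            "licenseConcluded": "NOASSERTION", "licenseDeclared": lic,
            "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                              "referenceType": "purl",
                              "referenceLocator": purl(name, version)}],
        })
        relationships.append({"spdxElementId": root_id,
                              "relationshipType": "DEPENDS_ON",
                              "relatedSpdxElement": pid})
    return {
        "spdxVersion": "SPDX-2.3",
        "dataLicense": "CC0-1.0",
        "SPDXID": "SPDXRef-DOCUMENT",
        "name": f"{app_name}-{app_version}",
        "documentNamespace": f"{DOC_NAMESPACE}{app_name}-{app_version}",
        "creationInfo": {
            "created": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "creators": [TOOL_NAME],
        },
        "packages": packages,
        "relationships": relationships,
    }


def check_sbom(doc: dict) -> list[str]:
    """Consumer-side sanity check: duplicate IDs, dangling relationship
    references, and a document that DESCRIBES nothing all get reported."""
    problems = []
    seen = set()
    for pkg in doc["packages"]:
        if pkg["SPDXID"] in seen:
            problems.append(f"duplicate SPDXID {pkg['SPDXID']}")
        seen.add(pkg["SPDXID"])
    known = seen | {doc["SPDXID"]}
    described = False
    for rel in doc["relationships"]:
        for key in ("spdxElementId", "relatedSpdxElement"):
            if rel[key] not in known:
                problems.append(f"{rel['relationshipType']} references unknown {rel[key]}")
        if rel["relationshipType"] == "DESCRIBES" and rel["spdxElementId"] == doc["SPDXID"]:
            described = True
    if not described:
        problems.append("document DESCRIBES no package")
    return problems


if __name__ == "__main__":
    sbom = build_sbom("my-app", "1.0.0", installed_packages())
    print(json.dumps(sbom, indent=2))
    print("problems:", check_sbom(sbom) or "none")
```

Run it inside the virtual environment you ship and it prints the SBOM for that environment; in CI you would write the JSON to an artifact and feed it to a scanner that matches the purl locators against vulnerability data. The check function is the part consumers tend to skip: an SBOM whose relationships point at identifiers that do not exist will silently drop dependencies from any transitive analysis built on it.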

OpenSSF Control

Just because the OpenSSF is paying for the code improvement doesn't mean it will control the SPDX Python library. That's not what this is about. The Python Software Foundation and its Founder/President Guido van Rossum will still call the shots. The OpenSSF leadership is doing this because the work of securing all open source software "is much bigger than just the OpenSSF and will benefit the entire open source community."

Brian Behlendorf, the OpenSSF General Manager, said at the Summit that more languages would soon be getting the support they need to make SBOMs an integral part of their development pipelines. It can't come soon enough.
