Open Source Summit Japan 2023

The OpenChain Project Japan WG holds regular meetings to explore Software Bill of Materials (SBOM). Our focus is on practical adoption and use of SBOM both from a community and corporate perspective, and our scope is global usage in the supply chain. The meetings have already resulted in tangible outcomes like SPDX Lite for SPDX2.3 in Appendix G, and we continue to develop practical material to guide and support SBOM use. ​ This session consists of three parts: the trend of SBOM in Japan, our contribution to the SPDX3.0, and our expectation about future spread of SBOMs in Japan. First, we will introduce the importance of SBOM for the software supply chain secuirty and its activities in Japan. Second, We will demonstrate the material to understand the SPDX3.0. Because the specification is significantly diffirent than previous versions, we are worried that it will take a lot of time for users to catch up with the specification. In addition, we will explain our contribution and how we are encouraging stakeholders to contribute to it. Finally, we summarize how our stakeholders see SPDX operating in Japan moving forward, and provide insight into how interested parties around the world can learn from our experience. Attendees of this session will be able to overview the SBOM activities in Japan, and deepen their knowledge about the SPDX3.0 specification and the benefits by SPDX3.0.