iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 5962:2021

(Main)

Information technology — SPDX® Specification V2.2.1

Information technology — SPDX® Specification V2.2.1

This Software Package Data Exchange® (SPDX®) specification defines a standard data format for communicating the component and metadata information associated with software packages. An SPDX document can be associated with a set of software packages, files or snippets and contains information about the software in the SPDX format described in this specification.

Technologies de l'information — Spécification SPDX® V2.2.1

General Information

Status
Published
Publication Date
23-Aug-2021
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1 - Information technology
Drafting Committee
ISO/IEC JTC 1 - Information technology
Current Stage
6060 - International Standard published
Start Date
24-Aug-2021
Due Date
03-Oct-2022
Completion Date
24-Aug-2021
Ref Project
ISO/IEC 5962:2021 - Information technology -- SPDX® Specification V2.2.1ISO/IEC 5962:2021 - Information technology -- SPDX® Specification V2.2.1
PreviousNext
Standard
ISO/IEC 5962:2021 - Information technology -- SPDX® Specification V2.2.1
English language
145 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 5962
First edition
2021-08
Information technology — SPDX®
Specification V2.2.1
Technologies de l'information — Spécification SPDX® V2.2.1
Reference number
©
ISO/IEC 2021
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2021 – All rights reserved

Contents
Foreword . xiii
Introduction . xiii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Conformance . 3
4.1 SPDX Current and Previous Versions . 3
4.2 Obsolete features . 3
4.3 Alternate notation for some conformance requirements . 3
4.4 Standard data format requirements . 4
4.5 Trademark Compliance . 5
4.6 The SPDX Lite profile . 5
5 Composition of an SPDX document . 6
5.1 What this specification covers . 6
5.2 Sections . 7
5.2.1 SPDX document creation information section . 7
5.2.2 Package information section . 7
5.2.3 File information section . 8
5.2.4 Snippet information section . 8
5.2.5 Other licensing information detected section . 9
5.2.6 Relationships between SPDX elements information section . 9
5.2.7 Annotations information section . 9
5.2.8 Review information section . 9
5.3 What this specification does not cover . 10
6 SPDX document creation information section . 10
6.1 SPDX version field . 10
6.1.1 Description . 10
6.1.2 Intent . 10
6.1.3 Examples . 10
6.2 Data license field . 11
6.2.1 Description . 11
6.2.2 Intent . 11
6.2.3 Examples . 11
6.3 SPDX identifier field . 12
6.3.1 Description . 12
6.3.2 Intent . 12
6.3.3 Examples . 12
6.4 Document name field . 12
6.4.1 Description . 12
6.4.2 Intent . 13
6.4.3 Examples . 13
6.5 SPDX document namespace field . 13
6.5.1 Description . 13
6.5.2 Intent . 14
6.5.3 Examples . 15
6.6 External document references field . 15
6.6.1 Description . 15
6.6.2 Intent . 15
© ISO/IEC 2021 – All rights reserved iii

6.6.3 Examples .16
6.7 License list version field .16
6.7.1 Description .16
6.7.2 Intent .17
6.7.3 Examples .17
6.8 Creator field .17
6.8.1 Description .17
6.8.2 Intent .18
6.8.3 Examples .18
6.9 Created field .18
6.9.1 Description .18
6.9.2 Intent .19
6.9.3 Examples .19
6.10 Creator comment field.19
6.10.1 Description .19
6.10.2 Intent .20
6.10.3 Examples .20
6.11 Document comment field .20
6.11.1 Description .20
6.11.2 Intent .21
6.11.3 Examples .21
7 Package information section .21
7.1 Package name field .21
7.1.1 Description .21
7.1.2 Intent .21
7.1.3 Examples .21
7.2 Package SPDX identifier field .22
7.2.1 Description .22
7.2.2 Intent .22
7.2.3 Examples .22
7.3 Package version field .23
7.3.1 Description .23
7.3.2 Intent .23
7.3.3 Examples .23
7.4 Package file name field .23
7.4.1 Description .23
7.4.2 Intent .24
7.4.3 Examples .24
7.5 Package supplier field .24
7.5.1
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 21031:2024(Main)
Information technology — Software Carbon Intensity (SCI) specification

This document describes a methodology for calculating the rate of carbon emissions for a software system; that is, its SCI score. The purpose of this score is to increase awareness and transparency of an application's sustainability credentials. The score will help software practitioners make better, evidence-based decisions during system design, development, and deployment, that will ultimately minimize carbon emissions. A reliable, consistent, fair and comparable measure allows targets to be defined during development and progress to be tracked.

  • Standard
    9 pages
    English language
    sale 15% off
ISO
ISO/IEC 5055:2021(Main)
Information technology — Software measurement — Software quality measurement — Automated source code quality measures

The measures in this standard were calculated from detecting and counting violations of good architectural and coding practices in the source code that could result in unacceptable operational risks or excessive costs. Establishing standards for these measures at the source code level is important because they have been used in outsourcing and system development contracts without having international standards to reference. For instance, the ISO/IEC 25000 series of standards that govern software product quality provide only a small set of measures at the source code level. A primary objective of updating these measures was to extend their applicability to embedded software, which is especially important for the growing implementation of embedded devices and the Internet of Things. Functionality that has traditionally been implemented in IT applications is now being moved to embedded chips. Since the weaknesses included in the measures specified in this document have been found to be applicable to all forms of software, embedded software is not treated separately in this specification.

  • Standard
    235 pages
    English language
    sale 15% off
ISO
ISO/IEC 19515:2019(Main)
Information technology — Object Management Group Automated Function Points (AFP), 1.0

1.1 Purpose This International Standard defines a method for automating the counting of Function Points that is generally consistent with the Function Point Counting Practices Manual, Release 4.3.1 (IFPUG CPM) produced by the International Function Point Users Group (IFPUG). Guidelines in this International Standard may differ from those in the IFPUG CPM at points where subjective judgments have to be replaced by the rules needed for automation. The IFPUG CPM was selected as the anchor for this International Standard because it is the most widely used functional measurement specification with a large supporting infrastructure maintained by a professional organization. 1.2 Applicability This International Standard is applicable to the functional sizing of transaction-oriented software applications, and in particular those with data persistency. To be consistent with the IFPUG CPM, the International Standard provides details on the support of applications using relational databases. However, the International Standard can be used and extended for any type of transactional application with data persistency. 1.3 Limitations This International Standard does not address the sizing of enhancements to an application or maintained functionality (often called Enhancement Function Points). Extensions of the automated counting methods described in this International Standard such as Automated Enhancement Function Points will be addressed in future addendums to this International Standard. This International Standard does not address sizing for the non-functional components of a software application. Non-functional components (as defined by IFPUG) include: — Structural Quality Constraints Reliability, Security, Performance Efficiency, Maintainability, etc. — Organizational Constraints locations for operations, target hardware, compliance to standards, etc. — Environmental Constraints interoperability, security, privacy, safety, etc. — Implementation Constraints development language, delivery schedule, etc.

  • Standard
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC 24570:2018(Main)
Software engineering — NESMA functional size measurement method — Definitions and counting guidelines for the application of function point analysis

ISO/IEC 24570:2018 specifies the set of definitions, rules and guidelines for applying the Nesma Function Point Analysis (FPA) method.

  • Standard
    70 pages
    English language
    sale 15% off
ISO
ISO/IEC 19513:2017(Main)
Information technology — Object Management Group Unified Profile for DoDAF and MODAF (UPDM), 2.1.1

This International Standard provides a specification language, UPDM, that is readily understandable not only by the community of architects of information technology systems but also by a wide range of end users including executives and enterprise management that sponsor such systems, program managers that oversee their development, developers of supporting hardware and software (design, implementation, and testing), subject matter experts, and end users. UPDM bridges the gap from setting of requirements to high level system design and to visualization for practitioners. While designed in the context of military organizations and their procurement processes, UPDM can also be applied in entirely civilian industrial and service organization contexts. UPDM 2.1.1 supports the capability to: ? model architectures for a broad range of complex systems, which may include hardware, software, data, personnel, and facility elements; ? model consistent architectures for system-of-systems down to lower levels of design and implementation; ? model service oriented architectures; ? support the analysis, specification, design, and verification of complex systems; and ? improve the ability to exchange architecture information among related tools that are UML based and tools that are based on other standards. The profile provides the modeling of operational capabilities, services, system activities, nodes, system functions, ports, protocols, interfaces, performance, and physical properties and units of measure. In addition, the profile enables the modeling of related architecture concepts such as DoD's doctrine, organization, training material, leadership & education, personnel, and facilities (DOTMLPF) and the equivalent UK Ministry of Defence Lines of Development (DLOD) elements. UPDM 2.1.1, as illustrated in Figure 1.1, addresses DoDAF and MODAF Viewpoints as well as enabling extensions to new architecture perspectives (e.g., Services views, Custom views, Logistics views cost views, etc.). MODAF terminology has been used for simplicity.

  • Standard
    415 pages
    English language
    sale 15% off
ISO
ISO/IEC 19678:2015(Main)
Information Technology — BIOS Protection Guidelines

ISO 19678:2015 provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization ?either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system. Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment. While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.

  • Standard
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC 40500:2012(Main)
Information technology — W3C Web Content Accessibility Guidelines (WCAG) 2.0

ISO/IEC 40500:2012 [Web Content Accessibility Guidelines (WCAG) 2.0] covers a wide range of recommendations for making Web content more accessible. Following these guidelines will make content accessible to a wider range of people with disabilities, including blindness and low vision, deafness and hearing loss, learning disabilities, cognitive limitations, limited movement, speech disabilities, photo-sensitivity and combinations of these. Following these guidelines will also often make your Web content more usable to users in general. WCAG 2.0 success criteria are written as testable statements that are not technology-specific. Guidance about satisfying the success criteria in specific technologies, as well as general information about interpreting the success criteria, is provided in separate documents. An overview of WCAG 2.0, the WCAG 2.0 standard, technical and education material supporting implementation of WCAG 2.0, and information on translating WCAG 2.0, are freely available from Web Content Accessibility Guidelines (WCAG) Overview.

  • Standard
    2 pages
    English language
    sale 15% off
ISO
ISO/IEC 17998:2012(Main)
Information technology — SOA Governance Framework

ISO/IEC 17998:2012 describes a framework that provides context and definitions to enable organizations to understand and deploy service-oriented architecture (SOA) governance. ISO/IEC 17998:2012 defines: SOA Governance, including its relationship between Business, IT, and EA governance; this assists organizations in understanding the impact that the introduction of SOA into an organization has on governance; an SOA Governance Reference Model (SGRM) and its constituent parts, which assists organizations in specifying their appropriate governance regimes; and capturing best practice as a basis for a common approach; the SOA Governance Vitality Method (SGVM) which assists organizations in customizing the SGRM and realizing their SOA Governance Regimen. ISO/IEC 17998:2012 is not intended to be used as provided; it is intended to be customized to create appropriate SOA governance for the organization. Many of the lists are non-normative and exemplary and intended to be filtered and as input to the customization process. ISO/IEC 17998:2012 does not include an explanation of the fundamentals and value of SOA, which is important for being able to understand and apply SOA governance. It lists some of the many other specifications and books that are available on SOA basics.

  • Standard
    87 pages
    English language
    sale 15% off
ISO
ISO/IEC 19500-2:2012(Main)
Information technology — Object Management Group — Common Object Request Broker Architecture (CORBA) — Part 2: Interoperability

ISO/IEC 19500-2:2012 specifies a comprehensive, flexible approach to supporting networks of objects that are distributed across and managed by multiple, heterogeneous CORBA-compliant Object Request Brokers (ORBs). The approach to inter-ORB operation is universal, because elements can be combined in many ways to satisfy a very broad range of needs. ISO/IEC 19500-2:2012 specifies ORB interoperability architecture Inter-ORB bridge support General Inter-ORB Protocol (GIOP) for object request broker (ORB) interoperability. GIOP can be mapped onto any connection-oriented transport protocol that meets a minimal set of assumptions defined by this International Standard Internet Inter-ORB Protocol (IIOP), a specific mapping of the GIOP which runs directly over connections that use the Internet Protocol and the Transmission Control Protocol (TCP/IP connections) CORBA Security Attribute Service (SAS) protocol and its use within the CSIv2 architecture to address the requirements of CORBA security for interoperable authentication, delegation, and privileges ISO/IEC 19500-2:2012 provides a widely implemented and used particularization of ITU-T Rec. X.931 | ISO/IEC 14752. It supports interoperability and location transparency in ODP systems.

  • Standard
    226 pages
    English language
    sale 15% off
ISO
ISO/IEC 19500-3:2012(Main)
Information technology — Object Management Group — Common Object Request Broker Architecture (CORBA) — Part 3: Components

ISO/IEC 19500-3:2012 defines the syntax and semantics of a component model, based on CORBA IDL, and a corresponding meta-model, a language to describe the structure and state of component implementations, and a corresponding meta-model, a programming model for constructing component implementations, a runtime environment for component implementations, interaction between components and Enterprise Java Beans, meta-data for describing component-based applications, and interfaces for their deployment, and a lightweight subset of the component model, programming model and runtime environment.

  • Standard
    339 pages
    English language
    sale 15% off