In this talk at the FOSDEM conference in 2023, the speaker discusses the differences between the Cyclone DX and SPDX standards in the context of software bill of materials (S-bom). They explain that Cyclone DX focuses on package level metadata, while SPDX can also look at source files. The speaker mentions that the two standards are functionally equivalent at the package level and efforts are being made to help interchange between them. They also highlight the importance of transparency and the need for S-boms in critical infrastructure, such as medical devices and IoT. The speaker mentions the progress being made in the medical device area and the expectation for S-boms at regulatory level. The audience also raises questions about tooling for conversion between Cyclone DX and SPDX, as well as the involvement of chip providers in providing S-boms for hardware blocks with software counterparts. Overall, the talk emphasizes the importance of S-boms for transparency, compliance, and security in software development and the need for collaboration and standardization in the industry.