**SPDX (Software Package Data Exchange):** ISO/IEC 5962:2021 standard. Originally focused on license compliance, now expanded to security. - **CycloneDX:** OWASP standard designed specifically for security use cases. Supports vulnerability attribution, services, and formulation (build process docume