Document and Share BOMs
The Software Package Data Exchange® (SPDX®) is an evolving standard for communicating the open source content, licenses and copyrights associated with a software package. The purpose of the standard is to help companies in a software supply chain more easily comply with software licensing obligations.
- Chairing the SPDX workgroup
- Actively participating in the three SPDX teams: Technical, Business and Legal
- Authoring the first SPDX whitepaper
- Developing and evolving the structure of the spdx.org website and supporting the SPDX beta process
- Implementing the SPDX software BOM in the Black Duck® Suite at no additional cost to customers