About SPDX

The Software Package Data Exchange™, or SPDX, is an industry standard for communicating the open source components, licenses and copyrights associated with a software package. SPDX provides a uniform approach to documenting and sharing metadata about software packages, making it more efficient for supply chain partners to communicate. Ultimately, the purpose of the standard is to help companies more easily comply with software licensing obligations.

The standard is developed and maintained by the SPDX workgroup of the Linux Foundation and is a critical element of the foundation’s Open Compliance Program.

Black Duck’s Support of SPDX
Black Duck Software has been instrumental in developing SPDX through participation in the SPDX workgroup. Our involvement includes:

  • Co-chairing the group and actively participating in the SPDX group’s three teams: Technical, Business and Legal.
  • Authoring the first SPDX whitepaper, developing and evolving the structure of the spdx.org website and supporting the SPDX beta process.
  • Implementing the standard in the Black Duck® Suite at no additional cost to customers.


Black Duck Software
8 New England Executive Park, Burlington, MA 01803 • 781.891.5100