A Common Software Package Data Exchange™ (SPDX) Format

Authors: Phil Odence, Black Duck Software and Kate Stewart, Canonical

Companies at all points in the supply chain are becoming conscious of the need to treat open source just like any other third-party code. They need to know and document the components in the products and software they are consuming and distributing for a variety of reasons, not the least of which is to make sure they understand their legal obligations. Thus, the need for a common approach to sharing information about software packages and their related content has never been greater. Breaking down information silos is still a work in progress. Fortunately, a new working group is tackling one of the toughest obstacles to sharing information about software packages: collaborating on discovering and sharing information about software packages and their related content, including licenses.
