SPDX Workgroup Introduces Software Package Data Exchange Standard

To advance Linux and open source software in embedded markets, the SPDX workgroup, hosted by The Linux Foundation (News - Alert), has released version 1.0 of its Software Package Data Exchange (SPDX) standard.

According to a press release, this standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX offers a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance.

“The SPDX 1.0 standard is an example of how open compliance and collaboration can enable the advancement of Linux and open source software," said Jim Zemlin (News - Alert), executive director of The Linux Foundation. "We applaud the SPDX workgroup for its important work on providing a consistent way to report and view license information for software technology components, making it even easier for companies to maximize their investments in free and open source software."

Many companies like Alcatel-Lucent, Antelink, Black Duck Software, Canonical, HP, Micro Focus, Motorola Mobility, nexB Inc, OpenLogic, Palamida, Protecode, Source (News - Alert) Auditor, Texas Instruments and Wind River support SPDX. Participants in the SPDX beta program included Antelink, HP, Motorola Mobility, Texas Instruments and Wind River.

"Today we're seeing collaboration among industry experts come to fruition in SPDX 1.0," said Esteban Rockett, co-founder of SPDX and lead software counsel  at Motorola (News - Alert) Mobility (an SPDX beta participant). "Representatives from the community, vendors and companies that use open source have come together to deliver a standard, accompanied with tools, that will make it easier to determine and comply with license obligations in a software bill of materials. This reduces compliance anxiety and costs, and further accelerates the adoption of Linux and other free and open source software."

"The announcement of the initial release of the SPDX standard is a welcome event, because SPDX is a crucial building block in an industry-wide system of automated license compliance administration," said Eben Moglen, executive director of the Software Freedom Law Center. "The efforts of the SPDX workgroup will ultimately help to realize large cost savings for all parties making commercial use of embedded FOSS, as well as substantially increased assurance of license compliance for FOSS licensors."

In other company news, TMCnet reported that System 4 now fully supports the Software Package Data Exchange (SPDX) standard, and also includes a package pre-approval workflow application, Code Administrator.