Linux Foundation's SPDX aims to ease compliance

The Linux Foundation hosted SPDX workgroup has launched its Software Package Data Exchange (SPDX) standard Version 1.0, in a bid to aid the cumbersome issue of compliance.

The SPDX standard assists in assuring compliance with open source and free software licences by standardising the methodology of sharing of licence information across the supply chain.

According to the SPDX workgroup, the new offering will reduce redundant work by establishing a common format for businesses and communities with which they will be able to share vital software copyright and licensing data.

Jim Zemlin, executive director of The Linux Foundation applauded the SPDX 1.0 standard. “We applaud the SPDX workgroup for its important work on providing a consistent way to report and view license information for software technology components, making it even easier for companies to maximize their investments in free and open source software,” he said.

The SPDX naming convention has been already adopted by the Open Source Initiative to catalogue open source licences.