
Linux Foundation Backed SPDX Makes Open Source Compliance Easier

The Linux Foundation-hosted SPDX workgroup today officially announced the launch of Version 1.0 of the Software Package Data Exchange (SPDX) standard.

The SPDX standard is designed to facilitate compliance with open source and free software licenses by standardising the way license information is shared across the whole software supply chain.

According to the SPDX workgroup, the new standard will significantly reduce redundant work by providing a common format in which businesses and communities can share vital data regarding software copyrights and licenses, eventually bringing an improved and streamlined compliance standard.

“The SPDX 1.0 standard is an example of how open compliance and collaboration can enable the advancement of Linux and open source software,” Jim Zemlin, executive director of The Linux Foundation, said in a statement.

“We applaud the SPDX workgroup for its important work on providing a consistent way to report and view license information for software technology components, making it even easier for companies to maximize their investments in free and open source software,” he added.

Meanwhile, in a related development, the SPDX naming convention has already been adopted by the OSI (Open Source Initiative) for maintaining the records for open source licenses.