WALTHAM, Mass., Aug. 17, 2011 — Black Duck Software, the leading global provider of strategy, products and services for automating the management, governance and secure use of open source software, today announced support for the release of the Software Package Data Exchange (SPDX) Version 1 open source standard in the Black Duck Suite.
SPDX is an industry standard for communicating the open source components, licenses and copyrights associated with a software package. SPDX provides a uniform approach to documenting and sharing metadata about software packages, making it more efficient for supply chain partners to communicate. The standard’s top objective is to help companies more easily comply with software licensing obligations.
Black Duck, which has the largest customer base in the open source code and license management industry, will generate SPDX output as part of the reporting capability of the Black Duck Suite. There will be no additional cost for Black Duck’s rapidly expanding base of 1,000 customers located in 24 countries.
“As a Black Duck customer and an active supporter of the SPDX standard, Texas Instruments is pleased that Protex™ now supports SPDX,” said Jack Manbeck, manager, Open Source Review Board, Texas Instruments. “Having such tools will help the community propagate the use of SPDX and enhance supply chain efficiency.”
Black Duck co-chairs the Linux Foundation’s SPDX Working Group, which brings together representatives from open source projects, vendors, and corporate users across the industry and around the globe; the Black Duck technology team actively contributes to the standard.
“Black Duck is proud to be instrumental in developing the SPDX standard, which we are confident will benefit the entire open source community,” said Phil Odence, vice president, business development, Black Duck Software, and co-chair of the SPDX Working Group. “Making it easier to communicate open source obligations will not only enable greater compliance, but will also increase the efficiency of supply chains. We’re happy to encourage this by offering SPDX output to our users at no additional cost.”
To learn more about Black Duck’s involvement and to review a whitepaper and short presentation explaining the SPDX standard, visit: http://www.blackducksoftware.com/spdx.
For more information on the SPDX Working Group and the SPDX standard, visit: http://spdx.org.