Topic: spdx

When only one SBOM will do, consider these formats

A software bill of materials (SBOM) is a tool designed to share detailed information on code components in a standardized way. The SBOM has become an increasingly important tool for both application security purposes and governmental compliance. To minimize inconsistencies and encourage greater transparency, three primary SBOM formats have emerged, each of which allows companies to …

Open Source Summit: AWS open sources Cedar, SPDX Release Candidate 3.0, and OpenSSF updates

Open Source Summit North America is taking place this week in Vancouver. The event, hosted by the Linux Foundation, is a celebration of the open source community. It has the support of many major players in the industry, with news announced during the event coming from AWS, Meta, and more. Here are highlights of the …

2020 Software Supply Chain Must-Knows

Open source software is taking the world of software development into new frontiers and changing the way industries create and consume software. However, there is a learning curve with open source use and businesses need to not only be able to trust the open source software being used in their solutions, but they need to …

Linux Foundation takes on the FOSSology project

The Linux Foundation is taking on open-source license compliance through the FOSSology project. FOSSology is a software system and toolkit designed to help technology companies understand and adhere to open-source licenses. “As Linux and open source have become the primary building blocks for creating today’s most innovative technologies, projects like FOSSology are more relevant than …

Navigating through an open-source world

Open-source software is becoming the backbone of the software development industry, helping to spur innovation, reduce time to market and lower costs. According to Jim Zemlin, executive director of the Linux Foundation, almost every device or piece of software we use today contains some open-source code. “There are hundreds and thousands of products and services …

SPDX version 2.0 is released

A Linux Foundation workgroup is determined to make it easier to work with open-source code and comply with licenses with the release of the Software Package Data Exchange (SPDX) specification 2.0. “When creating products from open-source code, it is important to respect the terms of the license in the code, if you’re going to use …

Black Duck Software Announces Support for SPDX Version 1.0

Integration supports open exchange of software license information, streamlines supply chain collaboration …