Linux Foundation Working Group's Development of Industry Standard to
Support Open Exchange of Software License Information, Streamline Supply
WALTHAM, Mass., May 3, 2011 /CNW/ -- Black Duck Software, the leading global provider of strategy, products and services for automating the management, governance and secure use of open source software, today announced support for the beta release of the Software Package Data Exchange (SPDX) open source standard.
(Logo: http://photos.prnewswire.com/prnh/20100629/NE27079LOGO )
The standard, under development by the SPDX Working Group of the Linux Foundation, provides a uniform approach for documenting and sharing metadata, including license information, about software components in products and software. Developers and organizations can use SPDX to communicate the content of software "packages" exchanged with other organizations, a critically important step to enable supply chain efficiency and collaboration. Black Duck co-chairs the SPDX Working Group that brings together representatives from open source projects, distributors, and corporate users across the industry and around the globe.
In addition to its leadership role in the SPDX Working Group, Black Duck will support the beta test by implementing SPDX in the Black Duck Suite, which will generate SPDX output as part of its reporting process. Going beyond the current (beta) SPDX definition, and based on early feedback from its customers, Black Duck is testing additional capabilities as part of the beta process. Black Duck's extensive SDK enables integration with the most popular build tools, allowing customers to generate an SPDX document and package the associated software as part of their existing build processes.
Black Duck, which has the largest customer base in the open source code and license management industry, including over 850 customers in 22 countries, will make SPDX support available as an additional, no-cost feature of the Black Duck Suite. Black Duck also intends to introduce support for SPDX across its entire product portfolio when the standard is finalized.
"The SPDX standard will benefit the entire industry by making it easier for companies to comply with open source obligations," said Phil Odence, vice president, business development, Black Duck Software. "This is good news for the open source community. Black Duck is committed to supporting our customers and the community; what is good for open source is good for Black Duck."
For more information on the SPDX Working Group and the SPDX standard, visit: http://spdx.org.
To view a short presentation explaining the SPDX standard, visit: http://www.blackducksoftware.com/spdx/intro_to_spdx.mov.
About Black Duck Software
Black Duck Software is the leading provider of strategy, products and services for automating the management, governance and secure use of open source software, at enterprise scale, in a multi-source development process. Black Duck(TM) enables companies to shorten time-to-solution and reduce development costs while mitigating the management, compliance and security challenges associated with open source software. Black Duck Software powers Koders.com, the industry's leading code search engine for open source, and Ohloh.net, the largest free public directory of open source software and a vibrant web community of free and open source software developers and users. Black Duck is among the 400 largest software companies in the world, according to Softwaremag.com. The company is headquartered near Boston and has offices in San Mateo, California, London, Paris, Frankfurt, Hong Kong, Tokyo and Beijing. For more information, visit www.blackducksoftware.com.
SOURCE Black Duck Software
For further information: Sarah Gerrol, Black Duck Software, firstname.lastname@example.org, +1-781-891-5100; Ann Dalrymple, TopazPartners, email@example.com, +1-781-404-2432 Web Site: http://www.blackducksoftware.com PRN Photo Desk, firstname.lastname@example.org