Widespread Industry Support for SPDX 1.0
“SPDX gives us an easy way to get data about licenses in open source projects,” said Guillaume Rousseau, CEO, Antelink. “As a participant in the SPDX beta program, we have found the SPDX specification to be simple, straightforward and easy to work with. We’re very happy to support the SPDX efforts, and look forward to implementing SPDX 1.0 in our search engine of open source files!”
Black Duck Software
“Black Duck’s mission is to enable open source adoption while automating governance and compliance. SPDX is completely aligned with this mission, and so from the outset, we have been eager to invest our resources and expertise in the initiative,” said Phil Odence, vice president of Business Development, Black Duck Software.
“We look forward to the opportunity of working with upstream projects using SPDX and/or DEP5 to make it easier to understand the licensing associated with those projects,” said Kate Stewart, Ubuntu Release Manager.
“Having a consistent way to describe licenses that’s shared by Debian’s DEP5 and the SPDX working group will help the entire ecosystem provide accurate licensing information for open source projects,” said Steve Langasek, Debian DEP5 co-editor.
“Fedora is pleased to have participated in the development of the SPDX specification. SPDX will help shine a light on Free and Open Source
Software licensing,” said Tom “spot” Callaway, Fedora Engineering Manager.
“Open source is an extremely valuable asset to HP and the technology industry. With so many open source components throughout the software supply chain, organizations need a common format to simplify their license compliance efforts,” said Phil Robb, director, HP Open Source Program Office. “By streamlining the process, the SPDX standard addresses how license information is shared, while reducing the risks and costs of compliance for organizations. This represents the next step of industry-wide due diligence to ensure the ongoing success of open source into the future by respecting the rights and wishes of its authors.”
“The broad adoption of SPDX by independent software vendors will substantially reduce the overhead involved in open source adoption and compliance,” said Thomas Incorvia, vice president of Product Licensing at Micro Focus.
“SPDX 1.0 is a crucial first step toward establishing the processes and tools that will support the application of supply chain best practices to component-based software development,” said Michael Herzog, CEO of nexB Inc. “It will assist organizations of all sizes and types in their efforts to comply with open source license obligations, and it also provides a solid building block for managing other types of software license data in the future.”
“As we work with enterprises to help them comply with open source licenses, one of the challenges they face is getting a complete understanding of what open source licenses are included in their products. SPDX will provide an important step forward by standardizing the way that licenses information is communicated and sharing that information across the software supply chain,” said Kim Weins, senior vice president of Marketing at OpenLogic. “Our audit and scanning tools will support the SPDX spec to help automate these compliance processes.”
“We applaud the work of the SPDX working group on helping to simplify and standardize references to software licenses and build on the naming work that OSI’s volunteers were already doing. OSI has already adopted SPDX in the definitive list of licenses at http://opensource.org/licenses,” said
Michael Tiemann, president, the Open Source Initiative (OSI). “The SPDX workgroup has leveraged more than a decade of the work at OSI in reviewing licenses for their impact on software freedom. By using the SPDX set of standard short-form license names, the entire open source ecosystem will be able to communicate in a consistent manner, especially to identify and avoid code under SPDX-identified licenses that are not OSI-approved.”
“SPDX will enable more organizations to freely use open source software in their products and streamline the license compliance process. Having a standard in place will benefit both the Linux and open source communities as a whole. All of our System 4 products will fully support SPDX 1.0,” Kamal Hassin, VP of Product Management, Protecode.
“Source Auditor is pleased to be a contributor to SPDX specification and tools,” said Gary O’Neall, CEO of Source Auditor. “By incorporating SPDX into our processes and tools, we will enable our customers and their suppliers to reduce the cost and complexity of complying with open source license obligations.”
“SPDX is a great resource that allows TI to understand all licensing information for the open source components of our software packages,” said Jack Manbeck, manager, Open Source Review Board, TI. “TI is committed to providing customers with full knowledge of all components included in TI software packages and assuring compliance with all applicable open source licenses. SPDX enables us to do this quickly, efficiently and cost-effectively.”
“SPDX is another step towards advancing Linux and open source software in embedded markets,” said Paul Anderson, vice president of marketing and strategy for Linux products at Wind River. “As an active participant in both the SPDX workgroup and Beta program, Wind River has developed a strong understanding and appreciation of how SDPX can benefit embedded device vendors. SPDX can ease compliance by standardizing the way license and copyright information is shared across the entire supply chain.”