Supporting Comments: SPDX 1.1
“SPDX standards are truly beneficial at integrating and automating the way organizations receive open source license information. These standards help to communicate information clearly, while providing the global open source community with compliance guidelines for improving software lifecycle management,” said Guillaume Rousseau, CEO, Antelink.
“The SPDX standard is crucial to efficient open source adoption and compliance, which is perfectly aligned with Black Duck’s mission,” said Tim Yeaton, president and CEO, Black Duck. “Our customers benefit from the ability of our products to output accurate, complete SPDX reports, and with this new update, SPDX becomes even more useful. As the specification evolves, we look forward to continuing to play a leading role in the initiative as we have from its inception, and we will continue to enhance our offerings to address customer needs.”
"Customers of OpenLogic's OSS Deep Discovery scanner can automatically generate an SPDX file from their scanning results," explained Steve Grandchamp, CEO of OpenLogic. "OpenLogic has been a leader in developing the SPDX specification, dedicating resources to the technical, legal and business SPDX workgroups from the beginning. Industry standards such as SPDX are well received by the market and represent significant progress in the adoption of open source software, and we are pleased to be part of the group championing the effort."
“SPDX is a testament to industry’s recognition and fulfillment of a real need in the software supply chain process,” said Kamyar Emami, COO, Protecode. “Protecode has been offering SPDX 1.0 support as a standard capability in its products and it is now adding SPDX 1.1 extensions to its on-premise System 4™ and hosted ProtecodeCloud solutions.”
“Source Auditor has contributed open source tools that can help users produce, view and validate SPDX files. We incorporate these tools as part of our service to deliver SPDX formatted Bill of Materials results to our open source audit customers,” said Gary O’Neall, CEO, Source Auditor Inc.
"The FOSSology open source project is an invaluable resource to analyze and study open source software. The University of Nebraska Omaha is happy to announce a public instance of FOSSology that is now freely available to open source projects, corporate users, and academic institutions that wish to analyze open source software for licensing and copyright, as well as educate students on these important issues. We are also kicking off a project to develop an SPDX agent for FOSSology that will automate the process of producing SPDX 1.1," said Matt Germonprez, associate professor, University of Nebraska, UNO Project.
“The license identification tool Ninka is supporting SPDX license identifiers, and it is expected to generate SPDX compliant documents in the short future,” said Daniel M. German, professor, Department of Computer Science, University of Victoria.
“Instead of analyzing thousands of source files, SPDX provides one standard repository of licensing information. It is an important format for preparing and delivering open source licensing materials,” said Chris Buerger, senior director of open platform products at Wind River. “A key part of advancing Linux innovation is to help clear obstacles, and together with the Linux Foundation we’re better facilitating the license review process allowing customers to focus on development. Wind River continues to leverage the SPDX format by incorporating it into our licensing review process and making it available to customers in select offerings.”