Black Duck Software Announces Support for SPDX Version 1.0


Integrates SPDX into Black Duck Suite to Support Open Exchange of Software License Information, Streamline Supply Chain Collaboration

WALTHAM, Mass. - Black Duck Software, the leading global provider of strategy, products and services for automating the management, governance and secure use of open source software, today announced support for the release of the Software Package Data Exchange® (SPDX(TM)) Version 1 open source standard in the Black Duck® Suite.

SPDX is an industry standard for communicating the open source components, licenses and copyrights associated with a software package. SPDX provides a uniform approach to documenting and sharing metadata about software packages, making it more efficient for supply chain partners to communicate. The standard's top objective is to help companies more easily comply with software licensing obligations.

Black Duck, which has the largest customer base in the open source code and license management industry, will generate SPDX output as part of the reporting capability of the Black Duck Suite. There will be no additional cost for Black Duck's rapidly expanding base of 1,000 customers located in 24 countries.

"As a Black Duck customer and an active supporter of the SPDX standard, Texas Instruments is pleased that Protex(TM) now supports SPDX," said Jack Manbeck, manager, Open Source Review Board, TI Texas Instruments. "Having such tools will help the community propagate the use of SPDX and enhance supply chain efficiency."

Black Duck co - chairs the Linux Foundation's SPDX Working Group that brings together representatives from open source projects, vendors, and corporate users across the industry and around the globe; the Black Duck technology team actively contributes to the standard.

"Black Duck is proud to be instrumental in developing the SPDX standard, which we are confident will benefit the entire open source community," said Phil Odence, vice president, business development, Black Duck Software, and co - chair of the SPDX Working Group. "Making it easier to communicate open source obligations will not only enable greater compliance, but will also increase the efficiency of supply chains. We're happy to encourage this by offering SPDX output to our users at no additional cost."

To learn more about Black Duck's involvement and to review a whitepaper and short presentation explaining the SPDX standard, visit: www.blackducksoftware.com/spdx.

For more information on the SPDX Working Group and the SPDX standard, visit: spdx.org.

About Black Duck Software

Black Duck Software is the leading provider of strategy, products and services for automating the management, governance and secure use of open source software, at enterprise scale, in a multi-source development process. Black Duck(TM) enables companies to shorten time-to-solution and reduce development costs while mitigating the management, compliance and security challenges associated with open source software. Black Duck Software powers Koders.com, the industry's leading code search engine for open source, and Ohloh.net, the largest free public directory of open source software and a vibrant web community of free and open source software developers and users. The company is headquartered near Boston and has offices in San Mateo, California, London, Paris, Frankfurt, Hong Kong, Tokyo and Beijing. For more information, visit www.blackducksoftware.com.

SOURCE Black Duck Software

CONTACT: Sarah Gerrol, Black Duck Software, press@blackducksoftware.com, +1-781-891-5100; or Ann Dalrymple, TopazPartners, adalrymple@topazpartners.com, +1-781-404-2432

Web Site: www.blackducksoftware.com

All Topics