SOURCE: OpenLogic

September 29, 2010 07:10 ET

OpenLogic Announces Scanning and Governance Tools Will Support SPDX™ Specification

OpenLogic's OLEX Will Also Offer SPDX™ Files With Detailed License Information on Leading Open Source Projects

BROOMFIELD, CO--(Marketwire - September 29, 2010) -  OpenLogic, Inc., a provider of enterprise open source software support and governance solutions encompassing hundreds of open source packages, today announced broad support for the Software Package Data Exchange™ (SPDX™) specification.

The Software Package Data Exchange™ (SPDX™) specification helps open source consumers understand the licenses associated with each and every file in an open source package, thereby reducing the effort for license compliance. SPDX™ provides a standard format for communicating the components, licenses and copyrights associated with a software package. This SPDX™ Group is a working group of the Linux Foundation. The SPDX™ specification has been adopted as one of the key elements of the Linux Foundation's Open Compliance Program.

The SPDX™ specification is currently available in beta form. After receiving community input, the final 1.0 version of the SPDX™ specification is expected to be released later this year.

OpenLogic's support for SPDX™ spans several fronts:

  • Development of the SPDX specification: OpenLogic has been involved in the development of SPDX, will continue its participation in the SPDX workgroup
  • Distribution of free SPDX files: As a part of its support for SPDX, OpenLogic will create and freely distribute SPDX files for many popular open source packages on OpenLogic Exchange (OLEX). OLEX features a free online library of open source software packages that have been certified by OpenLogic. Users downloading open source software will now have access to an SPDX file detailing the open source licenses included in the distribution.
  • Integration with OpenLogic scanning and license compliance tools: When the final SPDX specification is released later this year, OpenLogic will provide integration with OpenLogic scanning and license compliance tools. This will enable companies in the software supply chain to automatically process SPDX files from their suppliers and generate SPDX files for their customers.

OpenLogic has used its OSS Deep Discovery scanning tool to create bills of material on leading open source projects and uncover license information needed to create SPDX files. OpenLogic is offering these sample SPDX files based on the beta version of the specification on the OLEX and SPDX websites.

The following projects are available now, with more projects becoming available in the months ahead:

Commons VFS https://olex.openlogic.com/packages/commons-vfs/1.0
Commons Digester https://olex.openlogic.com/packages/commons-digester/1.8
Commons BeanUtils https://olex.openlogic.com/packages/commons-beanutils/1.6
Commons CLI https://olex.openlogic.com/packages/commons-cli/1.1
Commons FileUpload https://olex.openlogic.com/packages/commons-fileupload/1.2.1
zlib version 1.2.5 https://olex.openlogic.com/packages/zlib/1.2.5
zlib 1.2.3 https://olex.openlogic.com/packages/zlib/1.2.3

"The complexity of many open source distributions, which often contain files provided under many different open source licenses, can make open source compliance challenging," said Kim Weins, senior vice president of marketing at OpenLogic. "Our scanning and license compliance tools help automate the process of creating an accurate bill of materials, and now, with support for SPDX, that information can be exchanged with customers and suppliers in a standard format."

"OpenLogic's involvement and support of SPDX is very welcome," said Kate Stewart, co-chair of the SPDX working group. "Repositories with SPDX files, that are freely available like these from OpenLogic, will serve as useful building blocks. We think that the sharing of SPDX files will result in better compliance of open source software and ultimately, increase the enterprise adoption of open source software."

About OpenLogic
OpenLogic is a leading provider of open source solutions that enable enterprises to safely acquire, support, and control open source software. OpenLogic provides enterprises with a certified library of open source software that encompasses hundreds of the most popular open source packages via OpenLogic Exchange (OLEX), a free web site where companies can find, research, and download certified, enterprise-ready open source packages on demand. With the broadest open source coverage in the industry, OpenLogic offers indemnification; updates; and enterprise-grade technical support backed by the OpenLogic Expert Community. OpenLogic also provides solutions for open source governance and to automate the integration and deployment of open source components -- reducing the risk and maximizing the cost savings associated with using open source software. For more on OpenLogic, go to www.openlogic.com.

Contact Information