SPDX Version 3 Released


The tool has been renamed to System Package Data Exchange.

Version 3 of the newly renamed System Package Data Exchange (SPDX) was announced at Open Source Summit North America, reports Steven J. Vaughan-Nichols.

SPDX (previously known as Software Package Data Exchange) provides “a standard way for companies to standardize their license and component information (metadata) in software bills of materials (SBOMs) to ease the discovery and labeling of open source components in their products,” Vaughan-Nichols says.

The latest version of SPDX extends beyond software through the addition of profiles, he explains. “It starts with a core SPDX profile that includes all programs, hardware projects, AI, Software as a Service, you name it. Above it are profiles for additional metadata for security, licensing and build information.”

Learn more at The New Stack.


comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=