March 12-14, 2019 - Half Moon Bay, CA
Click Here For Information
Back To Schedule
Wednesday, March 13 • 4:00pm - 4:30pm
SPDX: Bridging the Compliance Tooling Gap - Gary O’Neall, CEO, Source Auditor & Steve Winslow, Director of Strategic Programs, The Linux Foundation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Any organization which utilizes open source software needs to comply with the open source license terms and the specific security policies of their industry.  To satisfy the basic requirement of knowing the specific open source packages included in the software, several tools have been produced which create or manage a software “Bill of Materials”.  The Software Package Data Exchange (SPDX) defines a standard format for a Bill of Materials which can facilitate harmonious integration of multiple tools.

This talk will discuss the current state of SPDX, the compliance tooling landscape, and work underway to better facilitate compliance tool interoperability.

avatar for Gary O’Neall

Gary O’Neall

CEO, Source Auditor Inc.
Gary is a contributor to the Software Package Data Exchange® (SPDX™) - a standard format for communicating the components, licenses and copyrights associated with a software package. Gary has contributed several open source tools which can be found at https://github.com/spdx/tools... Read More →
avatar for Steve Winslow

Steve Winslow

Director of Strategic Programs, The Linux Foundation
Steve Winslow is Director of Strategic Programs at The Linux Foundation. He runs The Linux Foundation’s license scanning and analysis service, advising projects about licenses identified in their source code and dependencies. Steve is also involved with projects including SPDX... Read More →

Wednesday March 13, 2019 4:00pm - 4:30pm
Salon 1