?um/p1-90`For the purposes of this document, the following terms and definitions apply. Terms explicitly defined in this Standard are not to be presumed to refer implicitly to similar terms defined elsewhere.
A formal declaration that something is true or accurate, often backed by documentation or verification from an authoritative source. It serves as a confirmation or proof of a fact, condition, or compliance with specific standards or requirements.
A person who creates written works, such as software or data.
The purpose for which a software component exists. Examples of component functions include parsers, database persistence, and authentication providers.
The general classification of a software components architecture. Examples of component types include libraries, frameworks, applications, containers, and operating systems.
An entity that develops and produces products such as virtual or physical goods.
A component that is referenced by a main (metadata) component itself.
An ecosystem-agnostic specification which standardizes the syntax and location information of software components.
Data which describes the lineage and/or process for which software has been created or altered.
The process of agreeing to terms and acquiring physical or virtual goods or services.
The chain of custody and origin of a software component. Provenance incorporates the point of origin through distribution as well as derivatives in the case of software that has been modified.
An entity that offers services, infrastructure, or platforms. These services can include computing resources, storage, software applications, and networking capabilities.
An entity that produces and distributes content, such as software, to the public.
An ISO standard that formalizes XML records that uniquely identify software products, versions, and installations to support asset management, security, and compliance.
A Linux Foundation project which produces a standardized list of open source licences and defines an expression language for those licences.
An entity that provides products or services to another entity, typically within a supply chain.
Any software component not directly created including open source, "source available", and commercial or proprietary software.
A software component that is indirectly used by another component by means of being a dependency of a dependency.