Merged
2 changes: 1 addition & 1 deletion docs/cross-reference.md
@@ -1,4 +1,4 @@
# Annex I: Cross referencing in SPDX 3 (Informative)
# Cross referencing in SPDX 3

This document will walk though how to refer to SPDX Elements across documents
(e.g. cross reference).
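Review bot: the unchanged context line "This document will walk though how to refer to SPDX Elements across documents" has a typo ("though" should be "through"), and "(e.g. cross reference)" says "for example" where "i.e." (that is) is meant; since this file is already being touched for the heading, fix both in the same change. Dropping "(Informative)" from the heading also removes the only signal that this annex is non-normative; if the informative status matters to readers, state it in the opening paragraph instead.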
2 changes: 1 addition & 1 deletion docs/getting-started.md
@@ -1,4 +1,4 @@
# Annex B: Getting started writing SPDX 3 (Informative)
# Getting started writing SPDX 3
## (a.k.a My First SPDX File)

This guide is designed to walk you through the concepts behind an SPDX
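Review bot: the "## (a.k.a My First SPDX File)" line directly under the new H1 is a subtitle rendered as a second-level heading, which shows up as an empty section in any generated table of contents; consider folding it into the title ("# Getting started writing SPDX 3 (a.k.a. My First SPDX File)") or making it a plain italic line, and add the missing period in "a.k.a.".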
2 changes: 1 addition & 1 deletion docs/including-security-information-in-SPDX.md
@@ -1,4 +1,4 @@
# Annex G: Including Security Information in a SPDX document
# Including Security Information in a SPDX document

The flexibility of SPDX 3.0 allows users to either link SBOMs to external security vulnerability data or to embed security vulnerability information in the SPDX 3.0 data format. For more details about the differences, read ["Capturing Software Vulnerability Data in SPDX 3.0"](https://spdx.dev/capturing-software-vulnerability-data-in-spdx-3-0/).

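Review bot: the new heading keeps "a SPDX document"; with "SPDX" read letter by letter, "an SPDX document" is the correct article, so this is a one-word fix while the heading is being rewritten anyway. The only pointer to the link-versus-embed trade-off is an external spdx.dev blog post; if this annex is meant to stand on its own inside the spec, a one-sentence inline summary of the difference would keep the section useful if that post moves.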
23 changes: 12 additions & 11 deletions docs/using-SPDX-short-identifiers-in-source-files.md
@@ -1,8 +1,8 @@
# Annex E: Using SPDX license list short identifiers in source files (Informative)
# Using SPDX license list short identifiers in source files

TODO: update for SPDXv3

## E.1 Introduction <a name="E.1"></a>
## Introduction

Identifying the license for open source software is critical for both reporting purposes and license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when licensing information is present, a lack of consistent notation can make automating the task of license detection very difficult, thus requiring vast amounts of human effort.

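Review bot: removing `<a name="E.1"></a>` (and the "E.1" section number) from the heading breaks any existing inbound links to `#E.1`, from the other annexes and from external pages that cite this section by number; before merging, search the repository for "E.1"-style fragment links and either update them or keep the anchor. Independently, the "TODO: update for SPDXv3" context line is still shipped to readers under the new SPDX 3 title; either address it in this series or reword it so the reader knows which parts are not yet updated.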
Expand All @@ -18,11 +18,11 @@ Identifying the license for open source software is critical for both reporting
* An SPDX short identifier is immutable.
* Easy look-ups and cross-references to the SPDX License List website.

If using SPDX short identifiers in individual files, it is recommended to reproduce the full license in the projects LICENSE file and indicate that SPDX short identifiers are being used to refer to it. For links to projects illustrating these scenarios, see [https://spdx.dev/ids-where](https://spdx.dev/ids-where).
If using SPDX short identifiers in individual files, it is recommended to reproduce the full license in the projects LICENSE file and indicate that SPDX short identifiers are being used to refer to it.

## E.2 Format for SPDX-License-Identifier <a name="E.2"></a>
## Format for `SPDX-License-Identifier`

The SPDX-License-Identifier tag declares the license the file is under and should be placed at or near the top of the file in a comment.
The `SPDX-License-Identifier` tag declares the license the file is under and should be placed at or near the top of the file in a comment.

The SPDX License Identifier syntax may consist of a single license (represented by a short identifier from the [SPDX license list](https://spdx.org/licenses/)) or a compound set of licenses (represented by joining together multiple licenses using the license expression syntax).

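Review bot: the rewritten line drops the sentence "For links to projects illustrating these scenarios, see https://spdx.dev/ids-where" without a replacement, so readers lose the only pointer to real-world usage; if the link was removed because it is stale, substitute a working reference rather than deleting the sentence. The same line still reads "in the projects LICENSE file" where "project's" is meant. Removing `<a name="E.2"></a>` has the same inbound-link concern as E.1. The backticks added around `SPDX-License-Identifier` in the heading and the tag line are a good consistency fix.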
Expand All @@ -32,7 +32,7 @@ The tag should appear on its own line in the source file, generally as part of a
SPDX-License-Identifier: <SPDX License Expression>
```

## E.3 Representing single license <a name="E.3"></a>
## Representing single license

A single license is represented by using the short identifier from [SPDX license list](https://spdx.org/licenses/), optionally with a unary "+" operator following it to indicate "or later" versions may be applicable.

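Review bot: "Representing single license" is missing an article; "Representing a single license" reads correctly and parallels "Representing multiple licenses" in the next section. The `<a name="E.3"></a>` removal has the same inbound-link concern as the earlier anchors.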
Expand All @@ -43,13 +43,13 @@ SPDX-License-Identifier: CDDL-1.0+
SPDX-License-Identifier: MIT
```

## E.4 Representing multiple licenses <a name="E.4"></a>
## Representing multiple licenses

Multiple licenses can be represented using an SPDX license expression as defined in Annex [D](SPDX-license-expressions.md). A set of licenses may optionally be enclosed in parentheses, but are not required to be enclosed. As further described there:
Multiple licenses can be represented using an SPDX *license expression* as defined in the specification Annex. A set of licenses may optionally be enclosed in parentheses, but are not required to be enclosed. As further described there:

1. When there is a choice between licenses ("disjunctive license"), they should be separated with "OR". If presented with a choice between two or more licenses, use the disjunctive binary "OR" operator to construct a new license expression.
2. Similarly when multiple licenses need to be simultaneously applied ("conjunctive license"), they should be separated with "AND". If required to simultaneously comply with two or more licenses, use the conjunctive binary "AND" operator to construct a new license expression.
3. In some cases, a set of license terms apply except under special circumstances, in this case, use the "WITH" operator followed by one of the [recognized exception identifiers](https://spdx.org/licenses/exceptions-index.html).
3. In some cases, a set of license terms apply except under special circumstances, in this case, use the "WITH" operator followed by one of the [recognized exception identifiers](https://spdx.org/licenses/exceptions-index.html) or a custom addition.
4. The expression MUST be on a single line, and MUST NOT include a line break in the middle of the expression.

Examples:
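Review bot: "as defined in the specification Annex" replaces a concrete link (`Annex [D](SPDX-license-expressions.md)`) with a pointer that names no annex and no file, so a reader cannot get from here to the expression syntax, and the following "As further described there" has no referent; keep a relative link to the license-expression page, or at least name the annex by title. Item 3 likewise adds "or a custom addition" without saying how a custom addition is written or where it is defined; add the syntax or a link next to the existing link for recognized exception identifiers. Minor: item 4 states the same constraint twice ("MUST be on a single line" and "MUST NOT include a line break").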
Expand All @@ -60,7 +60,7 @@ SPDX-License-Identifier: LGPL-2.1-only AND BSD-2-Clause
SPDX-License-Identifier: GPL-2.0-or-later WITH Bison-exception-2.2
```

Please see Annex [D](SPDX-license-expressions.md) for more examples and details of the license expression specific syntax.
Please see the specification Annex for more examples and details of the license expression specific syntax.

If you can’t express the license(s) as an expression using identifiers from the SPDX list, it is probably best to just put the text of your license header in the file (if there is a standard header), or refer to a neutral site URL where the text can be found. To request a license be added to the SPDX License List, please follow the process described here: [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md](https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md).

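Review bot: "Please see the specification Annex for more examples" has the same problem as the earlier edit in this file: it no longer says which annex. If `SPDX-license-expressions.md` was removed from `docs/` in this series, link to wherever the license expression annex now lives; if it still exists, the original relative link should stay. In the unchanged context, "can’t" uses a curly apostrophe while the rest of the file uses straight ASCII quotes; normalise it while here.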
Expand All @@ -70,4 +70,5 @@ Alternatively, you can use a `LicenseRef-` custom license identifier to refer to
SPDX-License-Identifier: LicenseRef-my-special-license
```

The `LicenseRef-` format is defined in Annex [D](SPDX-license-expressions.md). When using a custom `LicenseRef-` identifier, you will also need to provide a way for others to determine what license text corresponds to it. [Version 3.0 of the REUSE Software Specification](https://reuse.software/spec/) provides a standardized format that can optionally be used for providing the corresponding license text for these identifiers.
The `LicenseRef-` format is defined in the SPDX specification Annex defining license expressions. When using a custom `LicenseRef-` identifier, you will also need to provide a way for others to determine what license text corresponds to it. The [REUSE Software Specification](https://reuse.software/spec/) provides a standardized format that can optionally be used for providing the corresponding license text for these identifiers.

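Review bot: dropping "Version 3.0 of" from the REUSE Software Specification reference loses the version pin; the document at https://reuse.software/spec/ changes over time, and the claim that it provides a standardized format for `LicenseRef-` license text was made against a specific version, so keep the version (or name the version that was checked). The hunk also grows the file from 4 to 5 lines by adding a trailing blank line at end of file; drop it to avoid a whitespace-only change. "the SPDX specification Annex defining license expressions" is clearer than the bare "specification Annex" used twice earlier in this file; make the three pointers consistent.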
6 changes: 3 additions & 3 deletions docs/using-SPDX-to-comply-with-industry-guidance.md
@@ -1,6 +1,6 @@
# Annex F: Using SPDX to comply with Norms, Standards and Regulation (Informative)
# Using SPDX to comply with Norms, Standards and Regulation

## F.1 Satisfying NTIA Minimum Elements for an SBOM using SPDX / US Executive Order 14028 <a name="F.1"></a>
## Satisfying NTIA Minimum Elements for an SBOM using SPDX / US Executive Order 14028

US Executive Order 14028 in conjunction with the National Telecommunications and Information Administration (NTIA) outlined minimum elements for an SBOM. The minimum elements are detailed in [NTIA's Framing Software Component Transparency: Establishing a Common Software Bill of Maternials](https://www.ntia.gov/files/ntia/publications/framingsbom_20191112.pdf) and [The Minimum Elements for a SBOM](https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf) documents and summarized below:

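Review bot: the unchanged context line cites "Framing Software Component Transparency: Establishing a Common Software Bill of Maternials"; the link text has a typo ("Maternials" should be "Materials"), and since the line is inside the hunk being touched it should be fixed here. Removing "F.1" and its `<a name="F.1"></a>` anchor has the inbound-link concern raised for the other annexes.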
Expand Down Expand Up @@ -29,7 +29,7 @@ The SPDX Specification contains fields able to address each of the NTIA minimum
| Relationship | [Core/Classes/Relationship](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Relationship/) |
| Timestamp | [Core/Classes/CreationInfo.created](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/CreationInfo/) |

## F.2 BSI TR-03183 - Technical Guideline Cyber Resilience Requirements for Manufacturers and Products <a name="F.2"></a>
## BSI TR-03183 - Technical Guideline Cyber Resilience Requirements for Manufacturers and Products

The German BSI is actively propagating its technical guideline in preparation for adopting and detailing the
requirements of the [EU Cyber Resilience Act](https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html)
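Review bot: removing the `<a name="F.2"></a>` anchor breaks any existing `#F.2` links to the BSI TR-03183 section; check for inbound references before merging. In the unchanged context, "The German BSI is actively propagating its technical guideline" most likely means "promoting" or "advancing"; "propagating" reads as a translation artifact and is worth fixing while the heading is edited.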