Loading…
25-27, August 2025
Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time, CEST (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right. 

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Better PURLs for Better Software Compliance Processes - Philippe Ombredanne, AboutCode & Dennis Roellke, Bloomberg
Monday August 25, 2025 13:30 - 14:10 CEST
G106
Reliably identifying software components is a critical requirement for regulatory compliance. 

PURL is the de-facto standard for the reliable naming of components in software applications, products, and systems, across programming languages, package ecosystems, tools, APIs and databases. Every open source and most proprietary tools for Software Composition Analysis (SCA), along with all SBOM and Vulnerability Exploitability Exchange (VEX) specifications and most vulnerability databases, adopted PURL for component identification. But a 2024 Software Composition Analysis (SCA) report demonstrated significant inconsistencies in how different tools create PURLs… 

Better PURLs is a comprehensive project of open source tools and open data to correct this problem. The extended PURL syntax validation confirms that the PURL components (namespace, name, version, qualifiers) are correct for a given package ecosystem, according to the specification, and that the PURL locates an existing software package artifact. 

In this talk, Philippe from AboutCode and Dennis from Bloomberg will share the latest developments and how accurate and correct PURLs facilitate better compliance processes.
Speakers
avatar for Philippe Ombredanne

Philippe Ombredanne

Lead maintainer, AboutCode
Philippe Ombredanne is a FOSS hacker passionate about enabling easier and safer reuse of open source code. He is the lead maintainer of the AboutCode stack of open source tools for Software Composition Analysis and license and security compliance, including the industry-leading ScanCode... Read More →
DR

Dennis Roellke

Security Architect, Bloomberg
Dennis is a Cloud Security Architect in the CTO Office at Bloomberg.
Monday August 25, 2025 13:30 - 14:10 CEST
G106
  Standards & Specifications
  • Audience Experience Level Any

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Need help? View Support Guides
Event questions? Contact Event Planner
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link