Philippe Ombredanne

Proposal(s) title:
  • Standardize Package-URL (PURL): From community de-facto to international Ecma standard
Proposal(s) topic:

Cybersecurity/Network and Information security

Impact on SMEs (7th Open Call):
PURL makes it easier to integrate multiple SBOM tools for CRA compliance, lowering the costs of compliance for SMEs.

Impact on society (7th Open Call):
This project is expected to usher in PURL standardization and thereby significantly improve the accuracy with which free and open source software packages are identified and reported in SBOMs. Software developers, both of open source projects and of commercial software vendors, will be able to rely on a stable and widely accepted international standard across the tooling and data used for Software Composition Analysis (SCA), SBOMs, and open source compliance. This will greatly improve the overall security posture of any software that uses free and open source software packages, which is the vast majority of software. As a universal identifier for packages, PURL enables the exchange of software inventories across partners in the software supply chain and across SCA and SBOM tooling and data. This makes PURL the foundation of all SBOM and VEX standards, which are critical for cybersecurity and essential for compliance with upcoming regulations such as the European Union's Cyber Resilience Act. Any recipient of an SBOM can rely on PURL as the unique identifier for querying vulnerability databases for package metadata and other information about the packages used in a software product or service.

Value of Research

The gaps that this fellowship enables me to address have been to dedicate solid time, first for the ECMA meetings that I convened, but also for the community background work that needs support and attention. The priorities are to usher the creation of the core specifications for ECMA approval, which has been challenging because of the influx of attention on PURL for SBOM and CRA compliance. The challenge from PURL getting increased attention meant needing to cater to new contributors and supporting long debates and addressing objections, in particular on topics like character encoding.

Full Name: Philippe Ombredanne
Role: convenor
Country: Belgium