Philippe Ombredanne
I am a passionate FOSS hacker; lead maintainer of ScanCode, PurlDB and VulnerableCode; and on a mission to enable easier and safer reuse of FOSS code with best-in-class open source Software Composition Analysis (SCA) tools for open source discovery and license and security compliance at https://aboutcode.org. I am also a co-founder of SPDX and the creator of Package-URL (PURL), a de facto standard to identify packages in SBOMs, along with SCA tools and a vulnerability database used throughout the industry.
Session
Discover how we hacked YARA and built rules to effectively detect open source software sources and binaries as if they were malware, using rules that you can generate on demand for fun and profit, and integrate software composition analysis with malware hunting!