Black Duck Benefits

TundeOgunkoya
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
This solution helps our customers to understand what really lies in their application. In terms of the open source components, it can show the dependencies that other components are relying on, which you don't see. For example, if your application is packaged with other stuff, it would help to pull up all of the dependencies. It will list all of the open source dependencies in the entire library and show details about what they are using. It highlights what the developers have done, and it shows the impact from an intellectual property point of view. This can also impact them from a security perspective.

For example, it can tell you about the health of an application. What we often see is that developers are using an older version of an open source component, and they don't change it because it works. In cases where a newer version is available, we are able to show them what old components they are using, and the age of those components. This gives them a measure of health for their application in terms of operational risk. If an application were to break tomorrow, the chances that it can be quickly fixed may be dependent on the age of the component.

Largely, this is the kind of value we use Black Duck to provide to customers in this part of the world.