...
Ability to obtain rich information on security vulnerabilities for open source components
Ability to verify that a security vulnerability reported for an open-source component used in a software project is actually referenced from proprietary code – indicating a real vulnerability
Ability to identify the file and line number of the call originating from proprietary code that references code in an open-source component reported to have a security vulnerability.
Ability to visualize open-source usage, through a clear depiction of the trace (or traces, if applicable) of a call originating from proprietary code to the open-source code reported to have a security vulnerability
Ability to evaluate reported security vulnerabilities against effective security vulnerabilities
Ability to integrate advanced analytic processing with external tools, development environments and frameworks, through a dedicated API
...