The idea is to take SHA512 sums of language packages, such as Jar or Egg files, and match the sums against a database. The database maps each sum to a list of CVEs, so that someone can scan their packages and find issues.
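A minimal sketch of the scan described above, added here as an illustration and not taken from the project's code. It assumes the database is an in-memory dict of SHA-512 hex digest to CVE list; the function names, sample files and CVE placeholder ids are all constructed.

```python
import hashlib
import os
import tempfile

PACKAGE_EXTENSIONS = (".jar", ".egg")  # the two formats the description names

def sha512_of(path, chunk_size=1 << 20):
    """Stream the file so large archives are not loaded into memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root, database):
    """Return {package path: [CVE ids]} for every package whose sum is known."""
    findings = {}
    for directory, _subdirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(PACKAGE_EXTENSIONS):
                continue  # only package archives are hashed
            path = os.path.join(directory, name)
            cves = database.get(sha512_of(path))
            if cves:
                findings[path] = list(cves)
    return findings

def demo():
    """Build a constructed package tree and database, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        contents = {
            "lib/known-bad.jar": b"constructed vulnerable archive bytes",
            # One byte differs (e.g. a rebuild), so the exact-sum lookup misses it.
            "lib/rebuilt.jar": b"constructed vulnerable archive bytes\n",
            "site/clean.egg": b"constructed clean archive bytes",
            "notes.txt": b"constructed vulnerable archive bytes",  # not a package
        }
        for rel, data in contents.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        # Constructed database: sum -> CVE list. The ids are placeholders, not real CVEs.
        known = hashlib.sha512(contents["lib/known-bad.jar"]).hexdigest()
        database = {known: ["CVE-PLACEHOLDER-0001", "CVE-PLACEHOLDER-0002"]}
        hits = scan(root, database)
        return {os.path.relpath(p, root).replace(os.sep, "/"): c for p, c in hits.items()}

if __name__ == "__main__":
    print(demo())
```

The `rebuilt.jar` case shows the limit of the approach: a sum identifies only a byte-identical artifact, so a repackaged or rebuilt copy of the same vulnerable code is not reported.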