Developers interested in gauging the security of open source components have an abundant number of choices, but they still have to choose to use the information to audit the components in their ...