by stephendicato
3954 days ago
Knowing if your application's dependencies have released security patches isn't just valuable, it's necessary. It's very painful and time-consuming to monitor email lists, websites, RSS feeds, and GitHub issues for relevant information. In my opinion, providing that information in a timely and actionable way, such as telling me when and how to update, is a useful service. When looking for a solution for Python applications I found https://requires.io/. It's a clever implementation since it reads a requirements file and is therefore easy to "deploy" and get immediate value from. Your marketing leans towards 0-day protection. The challenge is doing anything actionable with knowledge of a new 0-day. Unless there is a patch available, which implies the discloser worked with the project/vendor, or a known workaround in lieu of an official patch, how is your service going to help? What's your plan for supporting more operating systems, languages, and ecosystems? Are you curating information about security disclosures and software releases, or simply checking if newer versions of packages are available?
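The comment above draws a line between "a newer version exists" and "a security fix exists, update to at least this version". The script below is an added example, not code from requires.io or the commenter: it parses exact pins from a requirements file and checks them against a constructed, local advisory list so the two cases are reported separately. All package names, version numbers, and advisory identifiers are constructed placeholders; a real service would replace `LATEST` and `ADVISORIES` with a curated feed.

```python
"""Added example: classify pinned requirements as 'security', 'outdated', or
'current' using constructed advisory data (not requires.io's code or data)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    package: str
    affected_below: tuple   # releases strictly below this version are affected
    advisory_id: str        # placeholder id, not a real CVE


# Constructed sample data standing in for a curated feed.
LATEST = {"examplelib": (2, 4, 0), "othertool": (1, 0, 3), "quietpkg": (0, 9, 0)}
ADVISORIES = [
    Advisory("examplelib", (2, 3, 1), "ADV-EXAMPLE-0001"),
    Advisory("othertool", (1, 0, 3), "ADV-EXAMPLE-0002"),
]

# Constructed sample requirements file.
SAMPLE_REQUIREMENTS = """
# constructed sample requirements file
examplelib==2.2.0
othertool==1.0.3
quietpkg==0.8.0   # behind latest, but no advisory covers it
unpinned>=1.0
"""

# Only exact pins (name==x.y.z) can be assessed reliably.
REQ_LINE = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)$")


def parse_version(text):
    """Turn '2.3.1' into (2, 3, 1) so tuples compare numerically."""
    return tuple(int(p) for p in text.strip(".").split("."))


def parse_requirements(text):
    """Return {package: version_tuple} for exact pins; skip blanks, comments,
    and unpinned lines."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if m:
            pins[m.group(1).lower()] = parse_version(m.group(2))
    return pins


def assess(pins, latest=LATEST, advisories=ADVISORIES):
    """Return {package: (status, target_version, advisory_ids)}.

    'security' means an advisory covers the pinned version and the target is the
    lowest release that clears every matching advisory; 'outdated' means only
    that a newer release exists; 'current' means nothing to do."""
    report = {}
    for pkg, ver in pins.items():
        hits = [a for a in advisories if a.package == pkg and ver < a.affected_below]
        if hits:
            fix = max(a.affected_below for a in hits)
            report[pkg] = ("security", fix, [a.advisory_id for a in hits])
        elif pkg in latest and ver < latest[pkg]:
            report[pkg] = ("outdated", latest[pkg], [])
        else:
            report[pkg] = ("current", ver, [])
    return report


if __name__ == "__main__":
    for pkg, (status, target, ids) in assess(parse_requirements(SAMPLE_REQUIREMENTS)).items():
        target_str = ".".join(str(p) for p in target)
        print(f"{pkg}: {status} -> {target_str} {' '.join(ids)}".rstrip())
```

The useful design point is that the `security` branch reports the lowest fixed release rather than the newest one, which is the actionable "when and how to update" answer; a plain version check would flag `quietpkg` and `examplelib` identically and tell you nothing about urgency.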