[efriese]

Oh yeah I know, I think there's value in what you're trying to do. I would pay 9/m if it also covered application dependencies. I was just curious how it works. What's the time between CVE release and getting a notification from your service?

[phillmv]

Well, fortunately, it does!

We currently support Ruby, and in the next three months we'll have Javaland and Python and Node.

Right now most of our data is oriented around patch releases, so it can vary, but in near future we'll be reducing that distance.

[efriese]

+1 for Python. You're probably aware of a company called Sonatype that does something like this during the dev process. Their business is growing fast. As far as I know nobody is doing this in production. I think you've found a nice niche that has a lot of potential. Good luck.