Developing software is a bit like playing with LEGO: you assemble thousands of open source software (OSS) components into a new product. Once assembled, the origin of the individual building blocks is difficult to trace – with consequences for compliance and security. Software development rarely starts from scratch. Development teams fall back on existing “legacy” code, work with third-party suppliers and rely