Learn how Fortify and Sonatype have co-developed “susceptibility analysis” to enable developers and application security engineers to understand whether a publicly disclosed vulnerability has been actually invoked in your custom code and, more importantly, whether attacker-controlled input reaches that function. No magic, no empty promises, just good research from Sonatype on the patching function and deep dive static analysis from Fortify.