Re-usage of Open Source Software (OSS) has increased in commercial software development by orders of magnitude. This presentation will show how OSS vulnerabilities can be managed at large scale (about 10,000 OSS usages in our case), and how to address sins from the past. At last a concept will be shown which automates the analysis of the exploitability potential of an insecure OSS component.