Researchers have demonstrated a new tool that analyzes open-source software updates to specify which sections of code are being modified to address recently identified security vulnerabilities. The tool, called VFCFinder, should make it faster and easier for programmers to determine which security updates are necessary to prevent vulnerabilities without having to make unnecessary changes.