Building the FOSS security commons

Formal Metadata

Title
Building the FOSS security commons
Subtitle
Why Is There No Free and Open Software Vulnerability Database?
Series title
Number of parts
45
Author
License
CC Attribution 3.0 Unported:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they have specified.
Identifiers
Publisher
Year of publication
Language

Content Metadata

Subject area
Genre
Abstract
Something is not right: databases of known FOSS software vulnerabilities are mostly proprietary and privately maintained. Why is there no free and open data alternative? After all, this is all about FOSS code. Security data is too important to not be free. "Using Components with Known Vulnerabilities" is one of the OWASP Top 10 Most Critical Web Application Security Risks. Identifying such vulnerable components is currently hindered by data structures and tools that are (1) designed primarily for proprietary software components and (2) incomplete and too dependent on voluntary submissions to the National Vulnerability Database sponsored by the US government. With the explosion of FOSS usage, we need a new approach to efficiently catalog and identify FOSS security vulnerabilities based on open data and FOSS tools. Find out about the FOSS tools we have built to aggregate, relate and curate software component vulnerability data from multiple sources and automate the search for FOSS component security vulnerabilities. Help us build the security commons and improve the security of software applications with open tools and data for everyone.