Silicon Valley venture capital (VC) juggernaut Sequoia is backing a fledgling Danish startup to build a next-gen software composition analysis (SCA) tool, one that promises to help companies filter through the noise and identify vulnerabilities that are a genuine threat. For context, most software contains at least some open source components, many of which are out of date and maintained irregularly, if at all. This has led to all manner of security flaws, such as Log4Shell, which affected the open source Java logging framework Log4j and led to breaches at high-profile organisations such as a U.S. federal agency that failed to patch the bug.