I refer to the above tool that our developer wanted to use. Can you provide comments on:
a) Is there a site or source that regularly produces/tracks new vulnerabilities for that software?
b) Are patches being produced regularly? Is this considered open source, with the release of patches not contractually required?
If there's no regular patching, what are the precautions we ought to take? E.g., use it on an air-gapped PC without Internet access?