A method, computerized apparatus and computer program product, the method comprising: obtaining computer code; determining from the computer code a collection of components reachable from the computer code; providing information about the components to a server; identifying by the server using information retrieved from a database, reachable components associated with the collection of components, which have stored vulnerabilities; determining from the computer code and the reachable components that have stored vulnerabilities, a collection of reachable finer resolution components; identifying, further components from the collection of reachable finer resolution components, which have stored vulnerabilities; and outputting information about the further components, wherein the computer code cannot be reconstructed from the information about the collection of components and the information about the finer resolution components.