Assessing and Enhancing the Security of Software Packages