A new vulnerability has been identified in a widely-used software. What steps do you take to mitigate risk?