How do you assess whether a vulnerability in a SaaS platform could lead to financial or privacy breaches?