How would you address a zero-day vulnerability that has been discovered in software used by the organization?