If you discovered a critical vulnerability in software just before a release, what steps would you take?