If you discovered a vulnerability in a widely used software used in Memorial Hermann Health System environments, how would you handle it?