You discover a potential vulnerability in a widely used application. What steps would you take to assess and address the risk?