Company
Date Published
Author
Jaroslav Lobacevski
Word count
988
Language
English
Hacker News points
None

Summary

Security vulnerabilities often arise from complex interactions between software components, where assumptions made by one component are broken by another, leaving it unclear who should address the issue. CVE-2020-15145, a local privilege escalation vulnerability in the Windows version of the Composer installer for PHP, exemplifies this: it was caused by insecure directory permissions on a directory in the system PATH. Despite the risk of DLL planting and privilege elevation, confusion over responsibility can delay remediation, as it did in this case, where both Composer and Windows had roles to play. Composer's developers ultimately fixed the issue, but the incident highlights the need for both application-level and system-level security measures so that vulnerabilities are addressed promptly and effectively. Security is a shared responsibility that requires a clear understanding of each component's assumptions and proactive measures to prevent exploitation, because any ambiguity can lead to unintended consequences and insecure behavior.