Company
Date Published
Author: Matt Jarvis
Word count: 953
Language: English
Hacker News points: 2

Summary

The text discusses the nuances of security vulnerabilities (CVEs) in software development. It highlights the importance of understanding the risk boundary when protecting an artefact, distinguishing between expected and unexpected behavior, and recognizing that configuration is part of the codebase. It also touches on the challenges of identifying and classifying CVEs, given the increasing number of vulnerable systems and the ease with which vulnerabilities can be raised. The article suggests that, instead of rushing to judgment about every potential security issue, the industry should step back and think critically about what constitutes a vulnerability and how to mitigate vulnerabilities effectively, considering factors such as user awareness, documentation, and education.