How do you monitor your software and hardware components regarding security vulnerabilities? CVE? This post is about some (rare?) cases when your product nevertheless will be vulnerable.