How do we verify vulnerabilities have been remediated?