Was it discovered manually?
Vulnerabilities can be found in one of two ways: manually or automated.
**Manual approaches** to finding vulnerabilities can vary widely. Sometimes a vulnerability is disocovered by accident, other times found intentionally through ethical penetration testing or nefarious motives.
In most cases, very little is known about how many of these vulnerabilities were originally found. The historical record does not usually include a story of how they found it, just the report of the problem.
Automated approaches can include static analysis alerts, compiler warnings, and fuzz testers. To learn more about those approaches, see [:tag:Discovered Automaticaly](/tags/discover-automated).