How do you find out a vulnerability in a program's code if its not open source..I mean is it just random testing for certain things?