What happens if somebody (maybe anthropic!) uses Claude Code Security to find & fix a vulnerability in some piece of open-source software---openssh, linux kernel, that sort of thing? Can the DoW use the resulting fix?