So, you measure the time from when the harm has surfaced to the harm is mitigated. And when the actual harm, albeit slower to respond initially, you see a good-faith effort. This is exactly like bug bounties and responsible disclosure and so on in cybersecurity. After a while, you very quickly see which companies are the ones that respond in a good-faith to the white hat hackers and which ones are not.