Resolves YES when these four newspapers’ websites each publish designated coverage of a newly revealed software security vulnerability/exploit as a notable issue, and the vulnerability is assigned a CVE identifier in 2023. Coverage can be in the form of articles, interviews, blogs, videos, etc., and doesn’t have to appear in a paper issue.

Resolves NO if this does not occur by the end of 2023, with a possible delay of a couple of days if there is uncertainty.

Please post links in the comments when you think the threshold is met – I may miss it.

For calibration, AFAICT “Heartbleed” (2014), “WannaCry” (2017), and “Log4shell” (2021) would meet these criteria in the past. “Shellshock” (2014) would not.