A penetration tester is conducting passive reconnaissance to gather information about the security posture of a company. Which source would provide the most comprehensive list of known vulnerabilities associated with the company's publicly acknowledged software?
Common vulnerabilities and exposures (CVE) listings
Job listings revealing the technology stack
Common weakness enumeration (CWE) listings
Strategic search engine analysis of the company