# The remediation problem Open-source vulnerabilities are reported every day. The hard part is not knowing they exist. The hard part is **remediating** them. The traditional remediation path is to upgrade the affected package. On paper, that is straightforward: a CVE is published, the maintainer ships a fix, you take the new version. In practice, every layer adds friction. Direct dependencies you do not own. Transitive dependencies you cannot easily change. Frameworks that bundle unrelated breaking changes with every release. Components from before the original authors moved on. Code bases that keep growing while engineering capacity stays roughly fixed. Teams that try to chase every CVE through an upgrade hit the same set of obstacles every quarter, accumulate exceptions for the cases they cannot fix, and watch the open-vulnerability inventory grow regardless. This section explains why. * [Why remediation is hard](/new-documentation/new-docs/remediation-problem/why-remediation-is-hard.md): the upgrade cascade, transitive dependencies, hard-versus-trivial upgrades, the cases where there is no upgrade path, container patching, and EOL components. * [The cost of chasing upgrades](/new-documentation/new-docs/remediation-problem/the-cost-of-chasing-upgrades.md): off-cadence interruptions, the hard-upgrade tail, lost knowledge of legacy components, code bases that grow faster than developers can patch, and the deferred-exception pile that compliance ultimately has to face. If you already know the problem and want the Seal answer, jump to [The Seal approach](/new-documentation/new-docs/seal-approach.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sealsecurity.io/new-documentation/new-docs/remediation-problem.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.