In a kinetic warfare or authoritarian context, this is rather a life safety vulnerability. In the industry, we call this the crossover from Information Security (InfoSec) to Operational Security (OpSec), where a digital flaw becomes a Kinetic Threat.

Right, but if a country being at war or in a authoritarian regime is a precondition for the vulnerability to pose a threat, it's not really a scenario that would warrant a high scoring in some vulnerability scoring system. For sure it's a weakness and would score higher if the purpose of the technology were military.

But since this is a civilian application and not military, it doesn't seem sensible to rate vulnerabilities according to military use. The intended scope of the application makes a huge difference legally and operationally and should be triaged accordingly.

[flagged]