> logic based vulnerabilities like a ReDoS pattern identified from source without live exploitation, or an admin-only route that's never been exercised

The two classes of vulnerability given as examples are the exact kind of issue I probably don’t care about, and are not grounded in an actual security model