This is not at all how security researchers think of it. Security vulnerabilities are very broad, they can be exploited through social engineering, through incompetent employees who do not have rigorous password standards, etc. If you narrow security vulnerabilities to coding mistakes, you're neglecting your customers.
