What about CVE's that need a binary (compiled c code) to test if the system is vulnerable? How should that be addressed? See for example the [test code](https://gist.github.com/amlweems/6e78d03810548b4867d6) for [CVE-2015-0235 aka GHOST](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235)
What about CVE's that need a binary (compiled c code) to test if the system is vulnerable? How should that be addressed?
See for example the test code for CVE-2015-0235 aka GHOST