I can think of several ways: log analysis, methodology analysis, analysis of code comments writing style/errors, keeping the vulnerability in and finding home calls, human intelligence.