About
Vulnerability scanners cannot reliably agree on which software is vulnerable. When CPE strings are malformed, PURL identifiers are inconsistently populated, or version normalization diverges across tools, the same exploitable library gets flagged by one scanner and silently passed by another. Fragmentation across NVD, CVE.org, OSV, and EUVD compounds the problem. This talk reframes scanner disagreement as an exploitable property, presents empirical false negative rates across ecosystems and scanners, and releases faultline, an open-source tool that surfaces per-package confidence scores derived from inter-scanner agreement.
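As an added illustration of the agreement idea (not faultline's own code, which this abstract does not show), the following Python assumes every scanner received the same constructed SBOM and computes a per-package agreement score with and without identifier normalization; all package names, versions and scanner names are made up.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed SBOM every hypothetical scanner is assumed to have received.
# All package names, versions and scanner names below are made up.
INVENTORY = {"pkg:npm/left-pad@1.3.0", "pkg:pypi/requests@2.25.1",
             "pkg:maven/org.example/lib@1.0.0"}
# Constructed findings: each scanner writes identifiers in its own style
# (qualifiers, "v"-prefixed versions, mixed case), as the abstract describes.
FINDINGS = {
    "scanner_a": ["pkg:npm/left-pad@1.3.0", "pkg:pypi/Requests@2.25.1"],
    "scanner_b": ["pkg:npm/left-pad@v1.3.0?repository_url=registry.npmjs.org",
                  "pkg:pypi/requests@2.25.1"],
    "scanner_c": ["pkg:maven/org.example/lib@1.0.0"],
}
PURL_RE = re.compile(r"^pkg:(?P<type>[^/]+)/(?P<name>[^@?#]+)@(?P<version>[^?#]+)")

def normalize_purl(raw):
    """Canonicalize a PURL just enough for cross-scanner comparison: drop
    qualifiers/subpath, lowercase type and name, strip a leading 'v' from version."""
    m = PURL_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unparseable package identifier: {raw!r}")
    version = m["version"].strip().lstrip("vV")
    return f"pkg:{m['type'].lower()}/{unquote(m['name']).lower()}@{version}"

def agreement_scores(inventory, findings, normalize=True):
    """Map each inventory package to (scanners that flagged it, fraction of scanners).
    1.0 or 0.0 is consensus; anything in between is where scanners disagree and a
    false negative may be hiding. normalize=False compares raw strings instead."""
    key = normalize_purl if normalize else str.strip
    inventory_keys = {key(p) for p in inventory}
    flagged = defaultdict(set)
    for scanner, pkgs in findings.items():
        for raw in pkgs:
            k = key(raw)
            if k in inventory_keys:   # unmatched identifiers silently vanish
                flagged[k].add(scanner)
    return {p: (sorted(flagged[p]), len(flagged[p]) / len(findings))
            for p in sorted(inventory_keys)}

def disagreements(scores):
    """Packages flagged by some scanners but not all."""
    return {p: v for p, v in scores.items() if 0.0 < v[1] < 1.0}

if __name__ == "__main__":
    for pkg, (who, conf) in agreement_scores(INVENTORY, FINDINGS).items():
        print(f"{pkg:40} confidence={conf:.2f} flagged_by={who}")
```

Running it with `normalize=False` shows how the "v"-prefixed version and the mixed-case name drop two of the three scanners' findings from the match, which is exactly the divergence the abstract warns about.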