"Security is a high priority"
As long as it doesn't cost us any money of course.
I wonder, when they find these security holes do they keep them on file so they can run a regression test against the next version of the SW to make sure it does not have them?
Stupid question, of course they should.
But do they?