Re: 27 times? In the world of DevOps and so-called "agile"?
Exactly. "We couldn't get it right the first 26 times, but now...".
There's nothing wrong with having tested 28 or more builds, of course. But here the vendor is claiming that they've released at least 28 versions of the application they're claiming is "secure". That hollows out any reasonable interpretation of the word.
Of course, as I noted elsewhere, saying an application is "secure" isn't a meaningful claim anyway without an explicit threat model &c.