Remember the consequences of "move fast and break things" mindsets aren't just occasional bugs. Developers hold the responsibility of users' data and our mistakes have consequences.
You can't un-leak data and you can't un-ruin peoples' lives.
I'm not sure if that answers the question but it's what comes to mind.
Alternatively: Move slow and ignore CVEs (I'm looking at you, equifax).
In other words, just because you're consuming code that other people wrote, and that is considered "stable," doesn't mean you can skirt responsibility when that code is found to be vulnerable.
Remember the consequences of "move fast and break things" mindsets aren't just occasional bugs. Developers hold the responsibility of users' data and our mistakes have consequences.
You can't un-leak data and you can't un-ruin peoples' lives.
I'm not sure if that answers the question but it's what comes to mind.
Alternatively: Move slow and ignore CVEs (I'm looking at you, equifax).
In other words, just because you're consuming code that other people wrote, and that is considered "stable," doesn't mean you can skirt responsibility when that code is found to be vulnerable.
Ah yes.