Also their security team can just be a subgroup of coders who have some idea how their software executes.
IMHO most sane vendors who want you to install something on your machine make it open source and use existing tools as much as possible. Doing it this way also decreases chances of some "temporary fix" changes on even otherwise secure software. Companies optimize for money, management tries to align with company values and engineers often just have to follow it. It's inevitable what trade-offs will be made unless there's some direct negative impact. For everybody selling their time and not being heavily invested, ignoring black swans and basically "eating tons of sugar" is the natural move.
IMHO most sane vendors who want you to install something on your machine make it open source and use existing tools as much as possible. Doing it this way also decreases chances of some "temporary fix" changes on even otherwise secure software. Companies optimize for money, management tries to align with company values and engineers often just have to follow it. It's inevitable what trade-offs will be made unless there's some direct negative impact. For everybody selling their time and not being heavily invested, ignoring black swans and basically "eating tons of sugar" is the natural move.