> Ironically enough even cybersecurity doesn't catch them for it, they are too busy harassing other teams about out of date versions of services that are either not vulnerable, or already patched but their scanning tools don't understand that.
Wow, this really hits home. I spend an inordinate amount of time dealing with false positives from cybersecurity.