Reactive instead of proactive?
""Finding and fixing bugs isn't the way to go, ..."
" ... organisations should follow suit and stop "patching every vulnerability" ..."
Then, later:
"That strategy has .... , and sped the time to patch from 10 weeks ....... to a recent record of 36 hours"
Apart from the apparent logical disconnect, this seems to say we should wait until somebody bad finds a weakness, then defend as hard as we can. Don't bother fixing any faults, flaws or weaknesses; just wait until the bad guys find it then work hard and claim rapid success.