
Re: This:
It is expensive in terms of programmer hours needed to reverse engineer the hack, then find and fix the bug being exploited. However, the most expensive part is usually testing. Normally both programmer hours and test resources are budgeted to current projects, and even though there are teams dedicated to this kind of work, they are normally busy with paying (support) customers.
Not that I would know much about it.