Still, not a bad overall track record
Yubico has been around for 12 years now. Their devices by design do not allow customer-level firmware updates, meaning that if a security vulnerability is found they pretty much HAVE TO issue replacements. Even so, I am only aware of _two_ replacement programmes: after the discovery of the ROCA vulnerability, and the current one.
Of the three hardware security devices I use on a regular basis (a YubiKey, a similar token from a different vendor released at around the same time, and a "normal" SmartCard in credit-card form factor), overall I still consider the YubiKey the best value for money.