Not reassuring until
they note in their security bulletins and CVEs that not only have they patched their broken code, but that *also* they have diagnosed why their automated code scanners and fuzzers didn't catch that flaw previously, and have fixed those tools, and re-checked their entire code base. Y'kno, feedback that "here's a stupid code pattern!" to find the _other_ places that bit of stupidity lurks.