That’s fairness to a new employee. Does the multibillion company of a widely-deployed sensitive product deserve a pass for having poor or nonexistent employees doing security previously? Not really IMO.