If a company is serious about security and privacy, they have to do those audits for every feature, regardless of if they use these tools. PCI requires this if you handle money online.
Still, you're right that many companies have a surprising lack of security. This vector of unintentional exfiltration may pale in comparison to the intentional mismanagement and lack of security focus internally. Equifax, anyone?
Still, you're right that many companies have a surprising lack of security. This vector of unintentional exfiltration may pale in comparison to the intentional mismanagement and lack of security focus internally. Equifax, anyone?