Same here. I've witnessed horrifying security bugs that were basically flagged as WONTFIX internally because it was too much work to fix until it was exploited.