Its totally and amazingly ignorant for ANY corporation to know about these vulnerabilities, and, after more than a couple of years for most, still haven't patched and secured their infrastructure. Zero regard for the customer data let alone their propriatary data is seriously evident. I suppose profits coming to screeching halt when the lights go out and don't come back on will be the push needed but then, its too late. Its already too late for some. 

https://www.bleepingcomputer.com/news/security/mitre-updates-list-of-top-25-most-dangerous-software-bugs/

Edited: Government entities are not immune nor lacking in complicity

https://www.bleepingcomputer.com/news/security/cisa-warns-of-stealthy-malware-found-on-hacked-pulse-secure-devices/