As the former Director of IT Security for a large regional grocer, I can fully sympathize with the subject of this article. Security changes can move, at times, at a glacial pace. These delays are caused by a variety of issues including small budgets influenced by tiny profit margins, downtime restrictions associated with 18 to 24-hour store operations, and general management avoidance. Though the latter is largely unacceptable, the first two issues are legitimate in real world of retail. All this said, proper coding and Software Development Lifecycle management should limit these types of exposures and make remediation a much smoother process.