If that is the mindset in your company, why even bother looking for vulnerabilities?