An attacker s perspective on bug hunting can help inform how defenders protect valuable assets. Finding and exploiting a bug can take anywhere from a couple of hours to several months, or longer. For attackers, doing an audit of open-source code is an easy way to find vulnerabilities and a relatively unguarded path into a network. Attackers love to follow the footsteps of your team members outside of the walls of your network to find traces of information that could lead to an exploit. If you patch a vulnerability for code that’s currently in development, you ve left a variant of that bug unpatched.
Source: https://threatpost.com/4-ways-attackers-hunt-bugs/165536/