Couple decades ago a product team of our product, the team consisting of PMs, senior engineers, etc., dismissed a security issue as a not serious because notepad.exe - which the PoC used to show arbitrary command execution - supposedly can't do much damage.
