How big does a vendor need to be, or how much market penetration into a country's technology, military, and defense corporations can a vendor have, before they don't get to decide the time table for fixing a security vuln?

At what point does a security hole stop being a sexy software bug and starts being a national security threat?

When did international corporations start making foreign policy decisions far louder than a Nation State?

This is a crazy time.