The experience of many reporting security issues to the Australian government is to be harassed, so I'm sure many such issues have been picked up by people and not reported out of fear or just not being willing to deal with the drama. One wonders how much this applies even to the developers.
Yeah having worked in a big company or two, "you find it you own it" is a real issue. Easier to keep your head down when you know it'll be an 8-month back-and-forth meeting-fest to fix a basic issue.
Another similar issue is, if you see a huge problem that will take lots of time to fix, and, if you take it on, your timesheets don't have enough time on the other approved new work codes. For this you will eventually be punished in the corporate way, sidelined, no promotion, no pay rise (.5%) and assignment to failed projects where anyone else who worked on them has long gone.
The net result of this is a wasteland of rubbish as far as the eye can see.
