The statement admits that they fell short of the privacy and security goals but go on explaining how it's not their fault. It makes it look like either the issues are non-issues, or they're someone else's issues, or "we'll do these generic things that don't address in any way how those issues came to be". Which is a big thing to mention if you care about transparency and earning back the trust.
Some of the biggest issues came to be due to deception and this message does not address that point. They were intentional decisions with effort put into obscuring them. One of the most egregious being the creative use of the "end to end encrypted" moniker. That was deliberately deceptive and I don't see this cookie cutter response addressing any of that.
More engineering resources and engineering fixes don't fix deception, that starts at the top. And this puts the whole message into question.
Some of the biggest issues came to be due to deception and this message does not address that point. They were intentional decisions with effort put into obscuring them. One of the most egregious being the creative use of the "end to end encrypted" moniker. That was deliberately deceptive and I don't see this cookie cutter response addressing any of that.
More engineering resources and engineering fixes don't fix deception, that starts at the top. And this puts the whole message into question.