In our experience, unfortunately I must say, that in many areas testing is not (yet) as extensive as would be desirable. The domain of safety-critical software is of course an exception. Here, industrial norms such as ISO 26262 for the automotive industry or DO-178C for aerospace stipulate that a given code coverage must be achieved through module testing. The more critical the software, the stricter are the specifications.
Primarily functional tests are performed outside of the safety-critical domains. Checking the software for bugs and security gaps is rather being neglected. Functional tests may show that the product actually “functions”, however, as soon as circumstances change, be it through different application or extension of the software, then faults may occur which were not uncovered by the initial functional tests.