How frequently are vulnerability scans conducted on cloud infrastructure? How quickly are critical security patches released and applied?

We scan our code, cloud and application multiple times per day. Patches of vulnerabilities with published exploits are applied within short days of public disclosure, if a vendor fix exists. If such a fix doesn't exist, we ensure substitutive measures to block the exploit vector.