Every miner uses the newest Update... the updates are centralized:
1. It's officially hosted on one site, downloaded at a central location.
2. Not all miners check or look at the code or even work on it -- a few devs do. If those few devs decide to inject malicious code... everyone else is just going to download and implement it.
3. There are no real security checks with the updates -- no formal body of regulators or official code security team is going to check it for malware... yes, it's open source and everyone can view it -- but then you'd need volunteers to check it regularly. Often, people who check the code only do so after everyone updated already.
So I ask, as bitcoin gets more and more expensive and large financial institutions are considering pouring their holdings in ... the people behind the security code are legitimately not as decentralized.
Mining pools typically are technologically advanced enough to build their own bitcoin implementations that is custom to their pool. Also, if a miner were to have malicious software, this would not affect any user of bitcoin.
As software is updated with Git, the specific changes are highlighted. This means you can verify the code one day in its entirety, and as the software is upgraded, would only need to review the specific changes as opposed to reviewing the entire code again.