> IMHO the hardware vendors from a certain East Asian state have such poorly written software stacks, that they could almost be classified as APTs - security is non-existent.
Thank god we have the hardware and software vendors from a certain north american state, who take security very seroisly. Oh, wait ... /s
Given that Cisco has RCEs and hardcoded credential CVEs at least once every half year or so, the question does arise if our current level of audits is even remotely sufficient. And it's not Cisco alone - any major vendor of VPN or firewall or general network gear suffers from the same problem.
They are not. Cisco and literally every other major commercial IT vendor has software that can only be considered a pile of trash that is grossly and criminally inadequate against commonplace threats and attacks.
But imagine how bad your software has to be to not even be good enough to qualify as a pile of trash. Do not let terrible be the friend of bad.
Thank god we have the hardware and software vendors from a certain north american state, who take security very seroisly. Oh, wait ... /s