Remember the evolution of UNIX at AT&T ended up on Inferno, not Plan 9.
In 2005 you did already have safer, capable, mature systems programming languages available, eg Ocaml, but for cultural reasons they were not often used in SV. And people were less educated about building secure software (goes double for enterprise security products).
Isn’t this blog post effectively “we patched our firewall, things broke, we made a support case, and the vendor investigated and filed a CVE”?
Lots of vendors dismiss support issues without strong data. But if you go to the length of decoding the request, outlining the steps to reproduce etc you can have a much faster experience. Especially with network vendors where 99%+ of their support workload is dealing with client or reseller misconfiguration.
Its maybe a bit trumped up, it smells a bit like MSP marketing but its also at least a little bit warranted?
Actually I was in a similar place with Palo 24 months or so ago, and despite handing them everything they could possibly expect they handed us a workaround (Just bounce your vpn sessions manually when they fail) instead of issuing a patch. However there was a strong argument there that our customer was a bit too dedicated to their wacky vpn architecture and should be doing things differently. Really the kudos here is getting the vendor to perform which I feel is a huge skill these days.
