As surely as day follows night, there's news of another example of scary/buggy/crappy IoT firmware. A large number of security vulnerabilities have been found in FreeRTOS and other variants which presumably share the same code base. These include information leaks, DoS and remote code execution. Nice. One of those variants is SafeRTOS -- oh the irony! -- that's "certified for use in safety critical systems". Whoops!

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-ran...

According to the above link, "FreeRTOS and SafeRTOS have been used in a wide variety of industries: IoT, Aerospace, Medical, Automotive, and more."

The vulnerabilities are apparently in the TCP/IP stack. How is this possible? Rock-solid public domain TCP/IP code has been around since BSD4.4 20+ years ago. Or even earlier. Why would someone shun that, write their own code and do it badly? I just don't understand the thinking(?) behind that.

Does anyone have more info on the actual devices/applications which could be vulnerable?