The article is too FUD-heavy. It talks about millions of businesses using Zyxel hardware. Later, mentioning that Censys found only 1,500 of the vulnerable models on the internet. (And no mention of how long ago the vulnerable ones were disco'ed.)
When Zyxel management was making this decision, there was also the issue of how many vulnerable models might actually get fixed. A "we spent the $$$, it did zero-ish real-world good" outcome doesn't deliver much warm & fuzzy to the bottom line.
The article is too FUD-heavy. It talks about millions of businesses using Zyxel hardware. Later, mentioning that Censys found only 1,500 of the vulnerable models on the internet. (And no mention of how long ago the vulnerable ones were disco'ed.)
When Zyxel management was making this decision, there was also the issue of how many vulnerable models might actually get fixed. A "we spent the $$$, it did zero-ish real-world good" outcome doesn't deliver much warm & fuzzy to the bottom line.