Zyxel's policy release for firmwares: can be improved?

mMontana · September 2019

Some says that bad luck does not exist. I'm asking myself if that's true for ZLD4.33

Announced ad the end of January, 7 months after 4.32, it has been... a quite rough way.

At the beginning of March was announced a patched version for addresing Wireless connection issues.

Middle april, XSS reference vulnerability

Beggining of June, "Patch 1 version" for SecuReporter

Ending of August, CGI vulnerability

But still, late october or end of the year is the release outlook for an updated version.

Starting from 4.x i was not very fond of the automatic update of the firmware (instead very fond of dual image capability) and the lack of availability on FTP server for firmware. But i get along with that.

But during this funny 2019 it's the fifth time that i have to update devices... which are supposed to update automatically. And they are not because no "official" version is released, only "patched" or "lab" or "WK"ish, and i have to contact someone, or look for some NextCloud or OneDrive for business to find them.

I understand that vulnerabilities can be found and need to be fixed. But if there's no automation in updating (even delaying that for a month, which can be chieved with configuration)... A vulnerable firmware is better then a patched one? Firmware release by Zyxel seems that't their song.

I hope that this "rant" won't hurt, it's a suggestion to improve. I don't like "Release Now, Fix it Later" approach, but this is keeping "keep not releasing even if released it's broken" ?