Security researcher Scott Helme has claimed Nomx, an email security appliance, has numerous vulnerabilities and contains unpatched software. Many appliances running operating system versions that are five to 10 years old, many no longer supported by the vendor. Most programmers dont pen test their own code, so appliances have longer testing cycles. Firmware runs code that can only be formally updated by writing to the firmware, so exploits can remain active for months to years. Most appliances run operating systems that contain the same bugs that are once patched by once a month.”]
Source: https://www.csoonline.com/article/3194758/why-your-security-appliance-will-be-hacked.html