"ACI experts said the use of open-source libraries are one of the main reasons for the presence of security flaws in router firmware"

Sigh, open sores once again is the cause of wide open vulnerabilities.

Wow. Glad I already installed ExpressVPN on my router.

"ACI experts said the use of open-source libraries are one of the main reasons for the presence of security flaws in router firmware"
What difference does it make if the router uses open-source or not? If the router maker does provide updates, proprietary or open-source firmware makes no difference, as both will have more and more known flaws over time.

Even in the case of open-source firmware, which use packages like busybox, it is still the responsibility of the router maker to make sure those packages are updated, just like they have to update their own proprietary pieces of software.

Blaming open-source seems like scapegoating to me. ACI's own statement supports my claim:
""Our analysis shows that, on average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample," researchers said."
Meaning proprietary routers have the same number of flaws as open-source routers.

Some ISP-provider routers have not had firmware updates in years, and cannot be updated in any other way except through the ISP.

Router vendors are somewhat quicker.

Not sure what part of open source in the study was concerning, but I moved to LEDE/OpenWRT a while ago and have never looked back. The latest version, 18.06.1, was released in August.

Later Apple Airport routers will blink yellow LEDs if the firmware needs updating. And the s/w pops up a window on your Mac to allow a simple update. I found this a nice feature (had to swap them out though for Netgear at home, for performance problems, and agreed, Netgear is harder to update).

Generally, ISP routers are secure, if hamstrung.

I recently tried updating my netgear wi-fi extender to include the latest firmware and it was a painful process that ultimately FAILED after multiple attempts - the darn thing would simply not update (unknown errors) so I gave up and have considered throwing the darn thing in the trash can. The manufacturers of the home gear in particular should make it super painless to update their firmware in a safe and reliable manner with sensible instructions and procedures. And then there are the routers that come from the cable providers for wi-fi at home use. Darn near worthless in terms of providing *any* useful information on whether or not these are up-to-date firmware wise. What a mess...

I read the article and I looked at the report but I didn't find any real information. Your router may be insecure. Is mine? Which routers are good and which are not? There's a list of all the routers tested but I couldn't find any actionable results. If I was to buy a new router, which one would I get? The report doesn't say. Seems a pretty glaring oversight!