What is he even referring to?
Is it a reply to some paper discussing number of vulnerabilities in router products?
Where is it to be found?
I found an article here:
https://securityledger.com/2019/08/huge ... -15-years/
I also looked at the website of the organization that did the report and didn't see anything about it.
https://cyber-itl.org
These are all features that I would have expected the various vendors to be aware of and have implemented.
The response that Normis gave is equivalent to saying, "I don't have AIDS" when he should be able to be saying, "I don't have AIDS and I always wear a condom too." We don't just want Mikrotik to be looking for and fixing vulnerabilities, we also want modern development and design practices that prevent vulnerabilities in the first place.
To be fair, the other companies shown aren't doing a great job with this either, and the Linux kernel itself probably should do better. (Although I have been told that recent Linux kernels are better in this respect than older ones were.)
Implementing features like stack guards, ASLR, and RELRO would ultimately help Mikrotik as well, because it will prevent some vulnerabilities and then Mikrotik won't have to scramble to fix them and get patches out. In other words, if they don't have to fight so many fires, they'll have more time to work on more interesting things.