Seeing manual shell escaping to block the kind of exploits which were cliched before the turn of the century really says a lot about the value of certifications, audits, “secure SDLC”, etc. and all of the other things vendors claim to do.

Ironically it's always the "security companies" that have the worst track records. And yet all the "security professionals" keep installing them. There's some talented people doing reverse engineering and more but it's clear that whole industry has been wholly captured by hucksters and charlatans.