For anyone whose knowledge of this starts and ends with The Big Short, CDOs are not inherently bad. They're just a structure for divvying up assets based on risk. The problem up to 2008 was that the risks were downplayed/hidden by the banks and the credit rating agencies.
We do the equivalent of CDO to our networks at Google. (Ie tcp can't deal with packet loss, so needs the best tranche; especially if user facing. Some long running copy operations with fountain codes only care about total throughput, not lost packages, so get the `equity' tranches.)