[kardianos]

That CVE is for third party software. But this brings up a good point. It has a good API surface you can plug into in many ways.

There have been some CVEs, but all the exploits I'm aware of already had patches and were only exploitable for un-updated models.

I honestly don't know what you mean by not invented here. They did create a wireless protocol for point-to-point products with some advantages for those who opt into it, but that's the only thing I can think of.

Sometimes their documentation is lacking, but generally their docs are very good.