People are target fixating too much. Sure, this parser crashed and caused the system to go down. But in an alternative universe they push a definition file that rejects every openat() or connect() syscall. Your system is now equally as dead, except it probably won't even have the grace to restart.
The whole concept of "we fuck with the system in kernel based on data downloaded from the internet" is just not very sound and safe.