I see the point you're trying to make but it's really very orthogonal to this issue: this was an issue in a documented part of a documented feature, it's not some "deeply embedded" system management controller with no documentation, it's "the signed firmware update feature in the big obvious selling point where the server has a backdoor management interface was broken."