I agree. Code at the lowest levels is widely under-appreciated as a vulnerable area in connected systems.
Flash has been promoted as protection against obsolescence. Again, I'm not so sure. As you can tell, we are not big fans of over-the-air firmware updates. Our products use one-time-programmable parts. For the obsolescence case, look at the Lawson Labs Model 201, introduced 29 years ago and still very much viable. Flash wasn't an option then, but if the Model 201 had employed flash memory at its introduction, by now it very likely would have been hacked and copied and devalued, rendering it obsolete.
Flash has been promoted as protection against obsolescence. Again, I'm not so sure. As you can tell, we are not big fans of over-the-air firmware updates. Our products use one-time-programmable parts. For the obsolescence case, look at the Lawson Labs Model 201, introduced 29 years ago and still very much viable. Flash wasn't an option then, but if the Model 201 had employed flash memory at its introduction, by now it very likely would have been hacked and copied and devalued, rendering it obsolete.