Re: So they're shit and they know they are?
So very much better than being shit and refusing to admit it
No. Only a little better, unless they fix the problem - which is letting non-experts design their cryptographic algorithms, primitives, and protocols. And then fixing the organizational mess that let this disaster happen in the first place.
I doubt that will happen. What we've seen over and over again is that industry groups like this refuse to hire the expertise they need, and generally refuse even to find out what expertise they need. That sort of willful ignorance gave us Netscape's original CPRNG and WEP and A5/1.
Security is an externality for these groups unless and until it becomes a significant impediment to sales, or someone manages to establish liability (which is very unlikely). And between the economic benefits to utility companies and the like on one hand, and the market of home-automation fanboys and other IoT cheerleaders on the other, it'll be a long time before it hits sales, either.