"In addition, many fail to see the benefits of upgrading until a particular serious vulnerability in older technologies is exposed."
And the Titanic only needed 20 lifeboats until it was sinking.
The problem with things like security is that they're invisible to the user, therefore it's normally very difficult to impossible to make a case to management for investing time and resources into improving security, until Bobby Tables has stolen your database and you're all over the news for the leak of 40,000 sets of credit card details you were responsible for.
This attitude needs to change if any real progress is to be made. You can improve the TLS library all you want and it won't do any good if developers are not allowed to update the TLS libraries in their software because management want a cute song to play whenever a customer puts something in their basket.