If you've read that out of the paper you read a different one. Quote:
"Our grading scale focuses on the security of the TLS
handshake and does not account for the additional HTTPS
validation checks present in many browsers, such as HSTS,
HPKP, OneCRL/CRLSets, certificate transparency validation,
and OCSP must-staple. None of the products we tested
supported these features."
Read: Some products got the absolute basics right. None of the solutions did anything that can reasonably be called "good".
> I expected much higher general standards.
I didn't. I don't expect anything from security appliance vendors.
If you've read that out of the paper you read a different one. Quote:
"Our grading scale focuses on the security of the TLS handshake and does not account for the additional HTTPS validation checks present in many browsers, such as HSTS, HPKP, OneCRL/CRLSets, certificate transparency validation, and OCSP must-staple. None of the products we tested supported these features."
Read: Some products got the absolute basics right. None of the solutions did anything that can reasonably be called "good".
> I expected much higher general standards.
I didn't. I don't expect anything from security appliance vendors.