Schneier asks about a good question:

More frightening than my experience is the possibility that the company might do this to an existing customer. What good is a security product if the vendor refuses to sell you service on it? Without updates, most of these products are barely useful as doorstops.

"The article demonstrates that a vendor might refuse to sell you a product, for reasons you can't understand. And that you might not get any warning of that fact."  Yes, this is true. Many companies struggling with compliance requirements can fix everything except the commercial off the shelf (COTS) software that they purchased. What is a company to do if they cannot verify the security (or continued security) of a product they purchase.