Things on a currrent Ivanti VPN box: curl 7.19.7 2009-11-04 (14 years) openssl 1.0.2n-fips 2017-12-07 (6 years) perl 5.6.1 2001-04-09 (23 years) psql 9.6.14 2019-06-20 (5 years) cabextract 0.5 2001-08-20 (22 years) ssh 5.3p1 2009-10-01 (14 years) unzip 6.00 2009-04-29 (15 years)

This is just a spot check of a few execuables on the system. I didn't even look at any of the libraries. If customers knew what they were purchasing, do you think they'd go through with the purchase? Imagine a complete SBOM for *everything* on the box...