The entire story seems kind of ridiculous. Given the descriptions, we're talking about an access control bug. Calling it a "firewall failure" makes it sound ridiculous, and I agree that it shades everything under a nefarious tone. But since campaigns are chock full of lawyers, they might be using it in a legal sense, referring to a "Chinese wall" [1] that prevents certain communications to avoid conflict of interests. Unless access logs show that the Sanders campaign decided to suck up everything, it's hard to argue that the DNC didn't massively overreact here.
Whatever the case, what confuses me are the suggestions that these sorts of breaches are common and that they have been for some time. What the hell are these software vendors doing? Access control is nothing new. And while getting it right isn't always easy, there's no reason for you to continuously get it wrong, either. It's also really easy to test, comparatively speaking, because potential issues here are predictable.
Whatever the case, what confuses me are the suggestions that these sorts of breaches are common and that they have been for some time. What the hell are these software vendors doing? Access control is nothing new. And while getting it right isn't always easy, there's no reason for you to continuously get it wrong, either. It's also really easy to test, comparatively speaking, because potential issues here are predictable.
[1] https://en.wikipedia.org/wiki/Chinese_wall