reflecting on CSRF
All software has bugs. It shouldn't be any big surprise to reveal that.
What keeps you ahead of the game, especially if you are a security vendor, is how you respond to bugs, including security holes.
Yet, with the exception of Check Point, the vendors' reaction seems to have been to cover their ears and pretend it didn't happen. One vendor claimed to have filed "a formal complaint with CERT"; we'll have more to say about that one later. :)