I didn’t say in-house code was good, but it does keep you from being exploited by things like what recently happened with NPM.

Companies genuinely don’t care about the software they use, as long as it works and isn’t hacked. This is especially true in non-tech enterprise.

At my former place they still had hundreds of ASP Webforms with custom in-house ASP libraries that were utter shit, but they worked.