Security researchers have known about vulnerabilities in third-party components for years. Anytime you increase the attack surface of an application through the use of third-party components (commercial or open source), you're potentially introducing vulnerabilities that you didn't create. A formal study was conducted by Aspect Security in 2012. https://www.aspectsecurity.com... which illustrates how big of a problem this actually is. Up until this time, the security community always knew it was a problem, but didn't have much stats to back up their claims. This research (as well as other data points) was essential for OWASP to introduce a new category in the OWASP Top Ten 2013 - A9: Using Components with Known Vulnerabilities. 2014 was not "the year we learned how vulnerable third party code libraries are". It was the year that organizations which had no security best practices in place, paid a much higher price than organizations that did.

Dude, this has been available for years. Any ISDN PRI has this ability built in. In fact, most phone systems on the market include the ability to modify the calling partys number on a per extention basis, if connected to an ISDN PRI. The best part, is that you only have to spoof the number. If the receiver subscribes to callerid with name lookup, it will automatically lookup the name for the number I put in.