His basic, most fundamental flaw, was simple.

He complained, "Why don't perl improve?" near the end. It was his conclusion - perl is crap because it "don't improve (sic)." And he proved this lovely little theorem by testing the "popular" and massively outdated modules. I don't care what language you write your web service in, if you use models and libraries that are not current, you're going to have problems.

He complained that perl hasn't improved based on the fact that his choice of targets were outdated. WAT is right.

There were other problems, to be sure, but this one is so fundamental that the rest of his flaws are really quite minor, relatively speaking. Basically, he just told us that Java 1.2 is insecure, and that everyone should stop using Java 8 because of that.

And this passes for security research? Maybe in his little corner of the world, but any serious security researcher would be embarrassed by such a conclusion from such irrelevant evidence.