I’ve heard product managers proudly proclaim their firmware was signed using the corporate internal signing service (good).

Of course, the question explicitly being asked (related to internal mandate) was if the firmware was signed — not if the firmware update process actually checked the signature (it certainly did not).