In "don't run 'strings' on untrusted files" [1], Michal Zalewski complained that running the strings utility for computer forensics or other fields of information security could make you vulnerable yourself, so you should not use it. Given that strings is Free Software, I draw a different conclusion from the vulnerability of tools used by professional forensics people.
I’d say if you’re actually using these tools to earn money, it is high time to go in and fix them. Also, the linked bug (from nine years ago) is marked as fixed. So there are people doing that.
Software has bugs. Free Software [2] makes it possible for people who rely on it to fix problems they encounter - especially when they rely on it for their profession.
That’s part of the point of allowing commercial use of Free Software: To allow expert craftspeople to collaborate on improving their tools.
PS: Naturally there’s a limit to fixing the tools. There are habits which should be changed, but if the tools don’t get worse for other things by fixing them, those changed habits are workarounds which should be replaced with clean fixes.
Links:
[1] http://lcamtuf.blogspot.de/2014/10/psa-dont-run-strings-on-untrusted-files.html
[2] https://www.gnu.org/philosophy/free-sw.html