
> Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient.

IMO, that should hold true for just about every piece of third-party software that you're installing on your networks/computers without having a thorough audit done on it and the integration with your systems. At the end of the day, the security of your systems is your problem, not anyone else's; while Sophos dropped the ball here and is responsible for the vulnerabilities themselves, it doesn't make you any less hosed if they're used to compromise your systems.
