
> Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient.

IMO, that should hold true for just about every piece of third-party software that you're installing on your networks/computers without having a thorough audit done on it and the integration with your systems. At the end of the day, the security of your systems is your problem, not anyone else's; while Sophos dropped the ball here and is responsible for the vulnerabilities themselves, it doesn't make you any less hosed if they're used to compromise your systems.
