Jack Rhysider
Podcast Appearances
I would review every single change that ever took place on them.
And I don't think I would like it if Cisco just decided to patch them one day without my consent.
Like some were in hospitals that were mission critical and some hadn't been patched for years because they were so finicky and any change to them would just make them wig out and crash.
And when I had to update them, I wouldn't do them all at once in one big swoop.
I'd do them one at a time and hold their hand and make sure that nothing broke after the upgrade and everything came back up as expected.
If a security vendor just slapped a hotfix on all my firewalls that I was in charge of, I would freak out.
We did not get approval for this change.
We don't even know what changes you made to the firewall or what's happening.
How can you just come into our devices and make changes without us knowing?
I wondered, did the Sophos team get approval from their lawyers before issuing a hotfix to their customers like this?
Yeah, I mean, I think not only that, but it's like this idea that the vendor can come in and change my device in any way.
It's not just like crash logs that are being sent to it.
If you could put a hotfix in, can you see the password?