Hi @all,
I just have some suggestions for sophos / wishes, how things could work better in future - I'd be happy for more input / ideas from other customers, too.
My intention here is not to complain [too much] (everybody can do this via email or his own posts), but to find issues that could help everyone in future emergencies.
I have four main points for suggestion:
- Inform your customers early. Sending a notification email more than 3 days after everything got public is just not good enough for a security company. Blogging is a nice thing, but customer care is more than that.
- Inform your customers and partners about how to minimize or remove the attack vector.
As it is your product that is vulnerable, it should be up to you, not the community in your forums and elsewhere, to get all the vulnerable points together / find solutions.
- If you update your existing KB Articles, add a history of changes. Do you expect customers and partners to manually compare each and every version of your suggestions? A missing time-stamp in your blog-posts even makes it harder to keep track of what's going on, when there are several changes per day. Let people know if you found more important information, instead of hiding them in a few lines in the middle of an "already-been-there-done-that" document.
- Update your snort rules faster if security is the problem. I have seen the community having snort rules to identify the openSSL attack, nevertheless the UTM products were not protected.
If the impact of such a fast rule deployment is unsure, give your customers the chance to decide. Like, offer "quick response rules" vs. "standard-tested" rules as an option in webadmin - and a possibility to see, how many "quick response" rules are active - if any -, to help troubleshooting in "normal" conditions.
And some minor ideas:
- keep your customers updated on such an issue on a regular basis, to let them know whats happening behind the scenes.
- get out the patch quicker (this is just "minor" as I am sure, you did everything you could to get it out quickly, although it felt very slow from a concerned customers perspective, combined with the fact that the UTMs are meant to be *very* central parts of networks' equipment and Sophos is a security company).
- if you take you so much time for getting out a patch, test the deployment, there have been too many issues with it for it taking so much time to getting it out.
Anyone some more ideas? Are the ones listed above valid points, or is it me being a too demanding customer?
Best regards,
Thomas
This thread was automatically locked due to age.
