All IPS Signature release notes are incorrect.

Question

I thought it was weird that Sophos was rating the Log4j vulnerability as the lowest severity, when everyone else in the world considers it a high risk. But it appears that Sophos has just always got their documentation wrong. 
 
 Looking at all the IPS Signature release notes here: 
 https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=application&versionID=xg 
 For as far back as you can go (Jan 2019) all appear to have the severity levels table back to front.

Which contradicts the actual Device Gui:

I can kind of understand they confused themselves, since for IPS vulnerabilities they rate them as 1 - Highest, but Application risks they rate as 5 - Highest and 1 lowest.

splarksop · Accepted Answer

So it looks like this has been corrected on the latest ones now. 
 AND they have also gone back and re-generated the PDF's for the last couple of months worth with the corrected tables. 
 Amazing work!

emmosophos · Answer

Hello there, 
 Thank you for reaching out! 
 I forgot to update this post, but yesterday I reported this to the documentation team 
 Regards,

All IPS Signature release notes are incorrect.

Top Replies