
Forums - Sony Discussion - SoE hacked and is out for the count

that happens with other companies all the time



the_wizard_man said:
fordy said:
the_wizard_man said:

No, I'm saying if he told the actual hackers in the chat room what the weaknesses were he is at legal fault, but that's a big if, and he wouldn't have done it knowingly, but that doesn't excuse it if he did, and companies use computers that you can't even find used anymore, not surprised they don't upgrade often


The hardware doesn't make a bit of difference. The software was not updated, by at least two versions. That was a timespan of 11 months, and for something that is responsible for security of info for 77 million accounts, this is severe negligence on behalf of Sony.

So they are supposed to update immediately regardless of what actual changes were made in the software? I can see companies exploiting that by making pointless updates, oh wait MS already does, anyways I don't know if it's negligence or not, to me that doesn't seem that bad considering the costs involved, I can see a company only upgrading every year but again I don't know what the industry standards are and I suspect neither do you

Assumptions can be dangerous. I work in the software industry, with a decent amount of experience with the open source community.

There is a well-known fact about open source software such as Apache: the fixes to exploits happen very quickly once discovered, but in order for this to happen, the exploit must be made public in order for the exploit to be replicated (to see if it's fixed when it's coded up). So it's a matter of keeping up with the community, because that's also where the hackers get their information. It's the lazy, negligent companies that end up getting slammed with known exploits.

I refer you to a post made in http://httpd.apache.org/

Apache HTTP Server 2.2.17 Released 2010-10-19

The Apache HTTP Server Project is proud to announce the release of version 2.2.17 of the Apache HTTP Server ("httpd"). This version is principally a security and bugfix release.

This version of httpd is a major release of the stable branch, and represents the best available version of Apache HTTP Server. New features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.

This was the second update that Sony missed on its authorization server. As you can see, some exploits have been fixed with a refactoring of the Authentication/Authorization protocol. You will also notice that this is dated October 19th of 2010. Sony didn't even have 2.2.16, let alone 2.2.17. They had 2.2.15. The exploit could have been delivered by anyone browsing the Apache forums on what bugfixes were made to meet the 2.2.16 or 2.2.17 release.

In terms of frequency, many financial institutions, as well as places that store sensitive information, make it (at least) a daily occurrence to frequent the sites that deliver this critical news. It's not like the news is scarce, either; I frequent several sites in order to keep up with recent changes in software. It's my job to do so.
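The point about keeping up with the 2.2.x release stream can be turned into a routine check. The script below is an added example, not code from this thread or from the Apache project: it reads the version out of an httpd banner, lists the releases a server has missed on its branch, and reports how long the oldest missed fix has been public. The version numbers are the ones named in the thread; only the 2.2.17 date comes from the quoted announcement, while the 2.2.15 and 2.2.16 dates and the audit date are assumptions made for the example.

```python
import re
from datetime import date

# Constructed release table for the 2.2.x branch. The version numbers are the
# ones named in the thread; the 2.2.17 date is the one quoted from
# httpd.apache.org, the 2.2.15 and 2.2.16 dates are assumptions for this example.
RELEASES_2_2 = [
    ((2, 2, 15), date(2010, 3, 6)),
    ((2, 2, 16), date(2010, 7, 25)),
    ((2, 2, 17), date(2010, 10, 19)),
]

# Matches the version in the output of `httpd -v`, e.g.
# "Server version: Apache/2.2.15 (Unix)".
_BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_httpd_version(banner):
    """Return the (major, minor, patch) tuple found in an httpd version banner."""
    m = _BANNER_RE.search(banner)
    if m is None:
        raise ValueError("no Apache version found in banner: %r" % banner)
    return tuple(int(x) for x in m.groups())


def missed_releases(installed, releases):
    """Releases on the same major.minor branch that are newer than `installed`."""
    branch = installed[:2]
    return [(v, d) for v, d in releases if v[:2] == branch and v > installed]


def patch_lag(installed, releases, today):
    """How far behind a server is: (number of missed releases, days since the
    oldest missed release shipped). A fully patched server returns (0, 0)."""
    missed = missed_releases(installed, releases)
    if not missed:
        return 0, 0
    oldest = min(d for _, d in missed)
    return len(missed), (today - oldest).days


if __name__ == "__main__":
    banner = "Server version: Apache/2.2.15 (Unix)"  # constructed sample banner
    v = parse_httpd_version(banner)
    # Audit date is an assumption; pick the day you run the check.
    n, days = patch_lag(v, RELEASES_2_2, date(2011, 5, 2))
    print("%s: %d release(s) behind, oldest missed fix is %d days old"
          % (".".join(map(str, v)), n, days))
```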



Don't get me wrong... from the info presented one can only conclude that Sony was indeed negligent... but my point is that this is far from being isolated to Sony... in fact I read something a few weeks back about the iPhone leaking information pertaining to the location of its user... Google sells information on its users to companies etc... I'm not saying that these other situations are as severe, just comparable



o_O.Q said:

Don't get me wrong... from the info presented one can only conclude that Sony was indeed negligent... but my point is that this is far from being isolated to Sony... in fact I read something a few weeks back about the iPhone leaking information pertaining to the location of its user... Google sells information on its users to companies etc... I'm not saying that these other situations are as severe, just comparable

That doesn't mean that those situations are right, either. Apple, as far as I'm hearing, is getting a lot of criticism based on the fact that not only was this information being collected, but nobody can opt out of it, and I'm hoping they get even more pressure to remove it.



And that's just one other situation similar to this one with Sony... I'm quite sure that if I tried I'd be able to find several other similar events that happened this year...



fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:

No, I'm saying if he told the actual hackers in the chat room what the weaknesses were he is at legal fault, but that's a big if, and he wouldn't have done it knowingly, but that doesn't excuse it if he did, and companies use computers that you can't even find used anymore, not surprised they don't upgrade often


The hardware doesn't make a bit of difference. The software was not updated, by at least two versions. That was a timespan of 11 months, and for something that is responsible for security of info for 77 million accounts, this is severe negligence on behalf of Sony.

So they are supposed to update immediately regardless of what actual changes were made in the software? I can see companies exploiting that by making pointless updates, oh wait MS already does, anyways I don't know if it's negligence or not, to me that doesn't seem that bad considering the costs involved, I can see a company only upgrading every year but again I don't know what the industry standards are and I suspect neither do you

Assumptions can be dangerous. I work in the software industry, with a decent amount of experience with the open source community.

There is a well-known fact about open source software such as Apache: the fixes to exploits happen very quickly once discovered, but in order for this to happen, the exploit must be made public in order for the exploit to be replicated (to see if it's fixed when it's coded up). So it's a matter of keeping up with the community, because that's also where the hackers get their information. It's the lazy, negligent companies that end up getting slammed with known exploits.

I refer you to a post made in http://httpd.apache.org/

Apache HTTP Server 2.2.17 Released 2010-10-19

The Apache HTTP Server Project is proud to announce the release of version 2.2.17 of the Apache HTTP Server ("httpd"). This version is principally a security and bugfix release.

This version of httpd is a major release of the stable branch, and represents the best available version of Apache HTTP Server. New features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.

This was the second update that Sony missed on its authorization server. As you can see, some exploits have been fixed with a refactoring of the Authentication/Authorization protocol. You will also notice that this is dated October 19th of 2010. Sony didn't even have 2.2.16, let alone 2.2.17. They had 2.2.15. The exploit could have been delivered by anyone browsing the Apache forums on what bugfixes were made to meet the 2.2.16 or 2.2.17 release.

In terms of frequency, many financial institutions, as well as places that store sensitive information, make it (at least) a daily occurrence to frequent the sites that deliver this critical news. It's not like the news is scarce, either; I frequent several sites in order to keep up with recent changes in software. It's my job to do so.

For financial institutions it's a lot more pressing than for a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security, and any company that doesn't you call negligent when it might not be realistic for other industries to do so



the_wizard_man said:

For financial institutions it's a lot more pressing than for a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security, and any company that doesn't you call negligent when it might not be realistic for other industries to do so


What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.

Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.

So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way too damn much to ask of them!



fordy said:
the_wizard_man said:

For financial institutions it's a lot more pressing than for a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security, and any company that doesn't you call negligent when it might not be realistic for other industries to do so


What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.

Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.

So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way too damn much to ask of them!

"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff; everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults, though it is for kids, see what I'm getting at

They were fine 10 months after they didn't upgrade, and if they didn't piss off hackers they'd probably have been fine until they upgraded, and PSN is a free service; if you pour too much money into a service you don't charge for, the service itself can collapse and that's not good for your customers, and like I said before, if you don't know what the industry standards are you shouldn't call them negligent, especially when all they lost on the PSN servers was stuff most people put on Facebook and are on 100 other different sites with next to no security, some of them where random people are allowed to see the info



o_O.Q said:

And that's just one other situation similar to this one with Sony... I'm quite sure that if I tried I'd be able to find several other similar events that happened this year...


lol your sig is the absolute best. That's all I wanted to say here.

But now to put my stock comment to warrant my posting on this thread:

I wonder how long hackers are going to keep attacking Sony, I think they have already proven their point (if that is what they wanted to do in the first place). Poor Sony has been raped and ravaged so bad and it just doesn't stop, they are probably thinking "Oh god, when is this nightmare going to end."



 

the_wizard_man said:
fordy said:
the_wizard_man said:

For financial institutions it's a lot more pressing than for a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security, and any company that doesn't you call negligent when it might not be realistic for other industries to do so


What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.

Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.

So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way too damn much to ask of them!

"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff; everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults, though it is for kids, see what I'm getting at

Uh, no. Where does freedom vs security come into this? Sony aren't keeping data hostage from users. They willingly put their information on there in confidence that Sony had the security to keep it locked away. There's no "exceptions" here. Nobody is whining that the added security wouldn't allow them to do something.

 

They were fine 10 months after they didn't upgrade, and if they didn't piss off hackers they'd probably have been fine until they upgraded, and PSN is a free service; if you pour too much money into a service you don't charge for, the service itself can collapse and that's not good for your customers, and like I said before, if you don't know what the industry standards are you shouldn't call them negligent, especially when all they lost on the PSN servers was stuff most people put on Facebook and are on 100 other different sites with next to no security, some of them where random people are allowed to see the info

So this is what the defense has come to? "But....everybody else is doing it!" Does that mean it's still right? Of course not! And I'm not speaking from a professional point of view on this one, I'm speaking from the point of view of a consumer, one that is not a mindless drone who responds with "Yes Sony. You're right, Sony. We're sorry for being bad customers, Sony. We'll do better next time."