[WireWrap]

> We've completely accepted auto updates for browsers (chrme & firefox) - years ago.

Enabling automatic updates from outside organizations SHOULD get you fired in any and every business where security is important. I've never seen it done in such environments, and certainly would never do it myself.

[acdha]

That's an understandable motivation but it has to be balanced against the risks of keeping your users vulnerable for longer periods of time. It's rather expensive to have a 24x7 security team to review & push updates.

For something like Chrome that's probably a net loss because the Google team is very good and browsers are both Internet-exposed and generally self-contained. For something like Windows, the reverse is true because there are a lot more things to test, many with local apps or settings which have a lower chance of being tested upstream in the exact combinations which you use.