[dspillett]

> Recently I just heard of a company that finally, in 2018, upgraded their IE requirements to IE 11.

One of our clients is one of the largest investment/savings banks in the UK. For services for their back-office and branch users they have only just dropped IE8 support as a requirement.

Logs I have access to show a fair number of users still have IE8 and are using it to access our legacy products, though we are assured that everyone either has IE11 or Chrome or both so for the newer services releasing to them RealSoonNow(tm) our insistence on dropping support for IE prior to 11 is not going to be a problem (though we have heard that before, so I on this matter I await the post rollout feedback with a mix of hope and trepidation!).

[talmand]

Personally I find the idea of a bank supporting such an outdated browser disturbing on a security level.

[itsmendy]

Why?

[dspillett]

The feeling is often that using such old software implies being "backwards" so possible vulnerable to exploits in the older code. Of course while the browser is still officially supported (as IE11 is due to be for some time) security releases are still being made so it should in theory be as safe as a current browser.

BUT:

1. Still using IE8 is absolutely a red flag, that stopped being supported in 2016.

2. Being so far behind with browsers may imply being behind generally, and while IE11 is still security patched maybe the organisation runs other old software that isn't (news flash: I can report that at least two organisations I know of routinely run software in their back-office environments that is not longer supported at all because the vendor closed, the product was never passed on to other maintainers or opened, and projects to replace the affected software are massively behind schedule - for obvious reasons I won't state who those organisations are and what the software is).