by stoplying1 1321 days ago
"I'm good at DevOps and everyone else should be too", feels tangential, and isn't going to help you when your banking session gets compromised because your bank wasn't prepared to roll this out through any expedited process versus their regulatory compliant, slow process.

(As an example/thought experiment. I make no claims about the vulnerability at hand.)

1 comments

I don't know anything about the update processes banks use. I would hope they wouldn't have to jump through hoops to apply a security update. Didn't they learn this already?

What do you expect banks and other regulated industries to do? YOLO patch whatever and whenever?

I don't work in a regulated industry where it's required, but we do similar with a proper change control process and there's not a single individual that's authorised to perform changes without oversight (even if that oversight from senior leadership comes retrospectively).

What did banks do with Heartbleed, Shellshock, Spectre, etc.?