It's an old Reagan saying that should be familiar to Corporate IT - "Trust but verify" (then again with all of the IT downsizing outsourcing and re-alignment these days maybe this is a now a new thought). Okay, McAfee has egg on the face for the botched update that took out more systems yesterday than any recent virus attack that I can remember, however the IT departments at those corporate sites that were hit may also have some 'splainin to do.
Clearly more and more departments are taking the easy road and either letting their corporate charges go directly to the vendors sites to pull down updates whenever they (or the vendor) feel like it OR if they do install centralized update servers within the corporate network, fail to adequately test those updates before releasing them to the rest of the corporation. McAfee has work to do but none of the other big vendors should be resting on their laurels either, IBM, McAfee, Symantec, Microsoft, Adobe or a host of other companies can make a mistake. Even if the update is 100% correct (from the vendors point of view) without testing how does the corporate IT department know that an update won't take out an important company asset due to an unintentional (and untestable from a vendor viewpoint) conflict?
Trust but verify guys.