Here's some of this morning's email apology:
I am mortified, as is everyone in our marketing team, that this has happened.Thanks for the quick response Sophos. Apology accepted.
The messages were not posted on that guy's blog by an employee of Sophos, but by a worker at an external company hired by our marketing department.
We have called the company concerned in for a meeting today, and will be reading the riot act to them. Furthermore, we will be ensuring that this kind of activity stops immediately, as it runs counter to everything we believe in as a computer security company.
There's enough junk on the internet already - we don't need firms representing computer security companies adding to the problem with such inane and unprofessional posts.
We strive to be much much better than this, and on this occasion things went badly wrong. I'm genuinely sorry.
Just so you know, we are going to put better processes in place so that third party agencies understand what Sophos does and doesn't find acceptable in promoting our brand.