Mixed view, would go for limited availability (Score 1)

I have two views on this, on the one hand I agree with Marketing and Sales that any external facing communication needs to be carefully monitored, especially as there are many sharks out there trying to spin it into a false story which makes the lives of your sales reps very difficult as it is difficult to train them on all the ins and outs of bugs (they should be able to spin a good story though, a system without bug fixes, but created by humans would have zero trust from my side) At the same time I'm currently on a project of dumping our cloud based ERP provider (after two years) partially because they do bug fixing without letting us know what has been fixed or creating release notes. We spend tens of thousands investigating issues which were already known, to the point we stop invoicing even after the issue magically resolved itself (unannounced patches). Stuff breaks without notice, things change without notice, this is not behaviour I want in an ERP system, I want to be able to test after certain type of fixes are deployed, or at least decide it doesn't warrant attention. My suggestion on this would be to have limited access, transparency to the developers/admin's at your customer, but no general availability (financial systems are vulnerable and people frown on issues). Sure stuff will leak out, but it will prevent a lot of the discussions of people without skill looking at bugs found in google.