Blog | News | Jobs
News centre
KnowledgeBANK
More from vnunet.com
ADVERTISEMENT

Symantec snaps up SecurityFocus

Bugtraq users cry foul

By James Middleton 18 Jul 2002

Antivirus firm Symantec rocked the security world yesterday with the announcement that it is to acquire independent security company SecurityFocus.

The $75m cash transaction is expected to be complete by mid-August.

Symantec claimed that the move would offer customers "the most comprehensive, proactive early warning system across the broadest range of threats".

But the deal has been greeted with suspicion by its own community and members of its Bugtraq mailing list.

According to the announcement, Symantec will "take over management of the Bugtraq mailing list and the online security community under the SecurityFocus brand".

It will also manage the forum "for objective reporting by security experts on the latest IT threats and attacks as well as how to prevent security breaches".

But a discussion which flared up on the Slashdot forum revealed a less than enthusiastic user base.

"Will we be seeing more minor security issues inflated to cataclysmic proportions just so Symantec can sell a few more virus scanners?" asked one user.

Another, presumably ex-SecurityFocus, user said: "Symantec always seemed cheap and sleazy to me while SecurityFocus at least tried to be legitimate. With this purchase, SecurityFocus' credibility (at least with me) has gone out the window."

Elias Levy and David Ahmad, of SecurityFocus, tried to alleviate these fears by saying that the acquisition would not change the firm's vulnerability reporting policy.

"We believe that, in order for the SecurityFocus/Bugtraq community to be effective, it must be an independent entity. We believe that its current disclosure policy is appropriate for the venue. Symantec will continue to operate with its separate disclosure policy," they said.

But it seems that SecurityFocus will now have an uphill struggle on its hands to regain the confidence of its user base.

As one other reader commented: "Even if Bugtraq keeps its objectivity (and what a big 'if' is that!), doubt will remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners."

See also:

SecurityFocus quells takeover doubts
Users' scepticism 'no surprise' says vendor  19 Jul 2002
Adobe DoS vulnerability exposed
Elcomsoft finds more eBook failings  15 Jul 2002
No crisis over 1,024-bit encryption
RSA hits out at crytographers' 'misinterpretation'  02 May 2002
Microsoft worms its way off bug list
Microsoft has told Security Focus, the US security company that manages the Bugtraq moderated security email list, that it can no longer publish the software giant's security alerts.  09 Dec 2000

All IT Management

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
RELATED ARTICLES

Other websites
Accountancy Age
Active Home
Best Practice
Computeractive
Computing
CRN
Financial Director
Information World Review
Management Consultancy
Personal Computer World
vnunet.com
Useful links: About us . Privacy policy . Terms & conditions . Advertise
UK Subscriptions
Overseas Subscriptions
© Incisive Media Ltd. 2009
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503