Symantec to Acquire SecurityFocus
cbv writes "Symantec Corp. today announced the acquisition of SecurityFocus for approximately US$75 million in cash. The press release reads, 'With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats.' The transaction is expected to close by early to mid-August 2002."
From: aleph1@securityfocus.com [mailto:aleph1@securityfocus.com]
Sent: Wednesday, July 17, 2002 5:28 PM
To: bugtraq@securityfocus.com
Subject: Administrivia: Symantec acquiring SecurityFocus
Good day,
Today, SecurityFocus and Symantec announced that Symantec is acquiring
SecurityFocus. Symantec sees real value in the services SecurityFocus
provides to its customers and believes they are an excellent fit with
their current offerings. We at SecurityFocus see this as an opportunity to
provide even better services for the security community.
Symantec recognizes the value and uniqueness of the public services
SecurityFocus provides to the community, such as the numerous mailing
lists we host and the content we provide via the SecurityFocus Online web
site.
In particular, Symantec and SecurityFocus want to ease any fears as to
whether the character of this mailing list will change.
Frequently Asked Questions:
Q. What is the Symantec strategy for keeping data sources?
A. We believe it is critical to maintain the integrity of the existing
security community currently part of the SecurityFocus portal and
Bugtraq mailing list.
Q. What is Symantec's disclosure policy?
A. Symantec believes in responsible vulnerability disclosure and is active
in initiatives to set best practices in this area. Our first priority
is to help our customers protect their computing assets by providing
tools and information to safeguard their systems.
We will work with vendors, if we discover vulnerabilities in other
products, to report and investigate the issue in a thorough and timely
fashion, in the same way that Symantec will work with other security
researchers if they find an issue with any Symantec technology.
We observe a 30-day grace period after the notification of a security
advisory to give users an opportunity to apply the patch. During this
grace period, we provide our customers significant information about
the vulnerability and the fix, but not step-by-step instructions for
exploiting the vulnerability. We do not provide detailed exploit code
or provide samples of malicious code except to other trusted security
researchers and in a secured manner.
Q. Will Symantec change SecurityFocus' vulnerability reporting policy?
A. We believe that in order for the SecurityFocus/Bugtraq community to be
effective, it must be an independent entity. We believe that its
current disclosure policy is appropriate for the venue. Symantec will
continue to operate with its separate disclosure policy.
Sincerely,
Elias Levy, David Ahmad,
and the rest of the SecurityFocus staff
Prediction: Symantec's products are going to suddenly become very secure.
I am not a number! I am a man! And don't you
Countdown until Rob Rosenberger has a nervous breakdown begun... 10 ... 9 ... 8 ... 7 ...
Never confuse volume with power.
I just installed privoxy which is based on junkbuster. Not only does it filter out ads, but pop-ups as well. nice.
- Would we believe the seriousness of virus threat announcements? (BTW, please see the interesting musings of Bruce Schneier in the last issue of CRYPTO-GRAM.)
- Would we believe in the security of Symantec's products?
- Would Symantec take advantage of first hand information before releasing it to public knowledge?
Even if Bugtraq keeps its objectivity (and what a big "if" is that!), doubt will ever remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners.
At the company-wide meeting about the acquisition, Symantec president John Schwarz said repeatedly that Symantec is committed on the highest levels to keeping the SecurityFocus Web site alive, and editorially independent. A written policy will set this out explicitly in the weeks to come.
Yeah this really is depressing. However, another site I like in case any of you are unaware is Packetstorm. I like it a lot and so far it hasn't sold out. :-(
While it appears that Symantec will generally leave Bugtraq alone (not that it's been very useful for some time, imho), I don't really trust them.
Let me provide my basis (petty as it may seem): I'm the system administrator at an ISP small enough that I do some of the tech support. I've seen NAV's mail scanner totally screw up peoples' mail settings enough times that I don't think quality is something they emphasize. To make matters worse, this problem tends not to be fixed by a reboot, and NAV will lock the mail server fields in OE (I don't think it can do that in Netscape/Mozilla, but I'm not sure) making it impossible to use the affected mail account without completely deleting it and re-adding it. Sometimes, disabling and re-enabling mail scanning will fix the problem, but that's not always the case.
I used to prefer NAV over most other virus scanners (and some other Symantec products back in the days of MS-DOS), but I really think they've gone downhill in the past several years. I hope that the same fate doesn't come to Bugtraq--the list has already become bad enough.
Well, hogwash or no, Norton has never made any Windozer I've installed it on unbootable. Can't say that about McAfee. However, I am seriously looking at AVG because...well...you can't beat the price. NAV is a decent proggie for a less than extortionate price. If AVG can find the same number of viruses that NAV can, however, it's history here at Catseye Labs.
Knowledge is power. Knowledge shared is power multiplied.
(If the link stops working, then I guess the answer would be "No".)
Has all the useful security news for *nix sites been going down the drain lately?
I mean, I am sure Symantec is a great windoze security company, but what do they care about SecurityFocus?
Now that website is probably going to be filled with even more useless HTML and crap.
bleh!