Security

Symantec to Acquire SecurityFocus

cbv writes "Symantec Corp. today announced the acquisition of SecurityFocus for approximately US$75 million in cash. The press release reads, 'With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats.' The transaction is expected to close by early to mid-August 2002."
This discussion has been archived. No new comments can be posted.

  • by darylp ( 41915 ) on Wednesday July 17, 2002 @06:27PM (#3905174)
    Will we be seeing more minor security issues inflated to cataclysmic proportions just so Symantec can sell a few more virus scanners?
  • by BobRoss ( 63028 ) on Wednesday July 17, 2002 @06:31PM (#3905194)
    This buyout (sellout?) makes the site a lot less credible in my opinion. They are simply going to use the site to sell more virus protection software.
  • by GoatPigSheep ( 525460 ) on Wednesday July 17, 2002 @06:34PM (#3905215) Homepage Journal
    Their products will never be secure as long as they do not detect the FBI's spy software.
  • by White Roses ( 211207 ) on Wednesday July 17, 2002 @06:47PM (#3905285)
    So, a company that I do not fully trust when it comes to accurate, honest security reporting purchased a forum (company?) which I do trust on those same matters.

    I don't really know what to say. It'd be like Ford buying Volvo or something. Oh, wait . . .

  • by NetBoy ( 131975 ) on Wednesday July 17, 2002 @06:59PM (#3905356)
    Hmmm, this reminds me of something, let's see....

    Ahh, Symantec pledges to acquiesce to FBI backdoor demands [politechbot.com]

    This is a real problem and needs to be addressed.

    Has Symantec policy changed with respect to things like magic lantern and so forth?

    bugtraq. Poof.

  • by tcc ( 140386 ) on Wednesday July 17, 2002 @07:11PM (#3905410) Homepage Journal
    I'd be more worried about them *NOT* releasing some security issues of those 800-pound gorillas that promote security through obscurity instead of writing safer code.

    Symantec is a corporation after all. If, let's say, a certain company would cut them vital information required for the low level of the system so that their antivirus technology works effectively (on their future OS), well I can see a very *VERY* persuasive effort that could just work.

    I am happy for the people at SecurityFocus if it pays off their hard work, but I am worried about the quality and most importantly, the neutrality of the service that will result from this acquisition.
  • Re:The new BugTraq (Score:5, Insightful)

    by kir ( 583 ) on Wednesday July 17, 2002 @07:26PM (#3905473)

    While exaggerated, I think your post is probably an example of the future of any mailing list done by SecurityFocus. Sad. Symantec always seemed cheap and sleazy to me while SecurityFocus at least tried to be legitimate.

    With this purchase, SecurityFocus' credibility (at least with me) has gone out the window. I can't see how they can continue to be credible when they've got a company in charge that ONLY cares about the bottom line. Just look at their irresponsible virus warnings (as you've so clearly demonstrated). Boooooo!

  • by antirename ( 556799 ) on Wednesday July 17, 2002 @07:55PM (#3905628)
    Read earlier post... they don't exactly define responsible disclosure, do they? A week? Two weeks? A month? A year? I think it was Fyodor who independently came up with a framework for responsible disclosure. It will be interesting to see if Symantec is more interested in making potential problems public knowledge or protecting companies that could be embarrassed by them.
  • It doesn't matter (Score:5, Insightful)

    by platypus ( 18156 ) on Wednesday July 17, 2002 @08:10PM (#3905682) Homepage
    If they believe they just need to shell out 75 million dollars for a stinking mailing list in order to control an important part of the world's infrastructure, they are idiots.
    Getting something to work like bugtraq technically is absolutely no problem. A mailing list with 30000 subscribers, ok let it be 300000, isn't voodoo.
    The "selling point" of bugtraq is/was the trust many people have in them, the people who post there, their policy. If anything would cause people to mistrust them, it needs just one trusted guy from the security community to start a new list, and bugtraq is dead. I've even read a post that one alternative has already started.
    If someone like Dan Farmer, Wietse Venema or, for the hell of it, Bruce Schneier decided to start a bugtraq clone, the original would not stand a chance if its reputation had already been damaged.
  • by satch89450 ( 186046 ) on Wednesday July 17, 2002 @09:25PM (#3905953) Homepage

    We believe that in order for the SecurityFocus/Bugtraq community to be effective, it must be an independent entity. We believe that its current disclosure policy is appropriate for the venue. Symantec will continue to operate with its separate disclosure policy.

    Pretty words, Mr. Levy and Mr. Ahmad. Now where is the proof?

    Those of us who are working journalists remember the transition of ABC News under Roone Arledge from Cronkite-esque "news" to "entertainment" -- and know that "independence" is a very fragile concept, one that can be crushed very quickly and with little fanfare at any level including the board room. All it takes is one vote of no-confidence on the part of the management to completely change the editorial head, and thus the independence of SecurityFocus. You most likely mean well -- can the same be said of your bosses? Can you point to one Symantec acquisition that proved that editorial independence has been achieved in the long run?

    I was an expert witness at a multi-million dollar trial because a well-respected computer magazine's editorial staff prostituted themselves to shore up a bad space-sales management decision. It only takes one episode to sully the good name of a publication. (The name of the publication is withheld from public statement to protect the guilty and to keep me out of civil court for defamation.)

    I'm happy you were able to get a pile of money, but don't think that SecurityFocus will be viewed the same way. Now, if you had made the sale to an outfit like O'Reilly, the SecurityFocus name would have retained its luster and elan in the industry.

    All good things must come to an end. Thanks for all the fish.

  • by Penguinshit ( 591885 ) on Thursday July 18, 2002 @02:20AM (#3906938) Homepage Journal
    As any security person (be he/she Guru or Technician) can tell you having a one-stop-shop app is A Bad Thing. Almost all of the security systems I've implemented in the past 8 years have been open-source (where I can see what's up) or have been a collection of simple apps where I can directly test the effectiveness and determine for myself whether it meets my requirements. Having a monolithic black box for security just DOES NOT make me feel all warm and fuzzy. There is no amount of Saki which will do so in this case. Unfortunately, the world is becoming so overly point-and-click. It's too easy to sell an IT manager a singular panacea now. Caveat emptor, you say? But what if that makes it easier for some asshole to create multiple launch points for attacks? Being a good Netizen means making your system secure if for nothing else than to prevent it being perverted for use for attacking another's systems.
  • by evilviper ( 135110 ) on Thursday July 18, 2002 @03:35AM (#3907138) Journal
    We do not provide detailed exploit code or provide samples of malicious code except to other trusted security researchers and in a secured manner.
    No one else has commented that this is a bad thing... Am I the only one that thinks so?

    Personally, I like nothing better than to get code which demonstrates an exploit, and see if the architecture I have put in place is designed well enough to stop attackers, or at least properly minimize the risk to my servers.

    What good will this do anyhow? Do they think script kiddies will not get the exploit code now? Or is this calculated to give Symantec, and those who will partner with them (no doubt, in exchange for a hefty chunk of change) a distinct advantage over the general public?

    Thank you for protecting me, and all sys-admins out there, from ourselves. How stupid we were to think we could secure and test the security of our systems without Symantec's approval!
  • by Bravo_Two_Zero ( 516479 ) on Thursday July 18, 2002 @09:07AM (#3907836)
    I think that's an absolutely valid concern, particularly given the propensity for the virus-killer companies (as they see themselves, anyway) to overblow virus threats.

    But, I would say two things in their defense:

    1) They tend to hype more than hide. The worst thing is that they will try to get securityfocus.com on the map with IT execs by hyping the security flaws disclosed in bugtraq. Now, it's a double-edged sword, but I don't think it will be awful if certain M$-based operating systems were a bit more publicly scrutinized.

    2) Slashdot didn't change after the acquisition, at least not outwardly. I don't work here, so I can't talk about the behind-the-scenes, but the postings are as hard-hitting as ever. Granted, Andover isn't a corporation the size or with the interests of Symantec. But it's a valid point.
