Symantec Buys SecurityFocus/BugTraq

from the who-can-you-trust? dept

Symantec today announced they have purchased SecurityFocus, along with its BugTraq mailing list for $75 million. BugTraq, of course, is the main list to find out about where major security holes are. There are now a ton of people wondering just how quickly Symantec will screw up SecurityFocus. While the folks at SecurityFocus insist that Symantec has assured them they’ll be able to continue without changing anything, many aren’t so sure. Symantec has a history of overhyping virus warnings, and if they see BugTraq as a way to do the same thing for security holes, that could be a problem. At the same time, Symantec, as a big corporation may have incentive to hold back certain security hole info to protect their corporate relationships. Of course, what will probably happen is that a new independent source for security holes will soon pop up, and BugTraq will lose a lot of its value.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Symantec Buys SecurityFocus/BugTraq”

Subscribe: RSS Leave a comment
1 Comment
LittleW0lf says:

Bugtraq more screwed up than it already is?

Bugtraq hasn’t been the same for a very long time…ever since Aleph1 turned over the mailing list to the corporate weenies.

Used to be that anyone with a bug didn’t have to worry about whether or not they were “recognizable” enough to post. “Full disclosure” was a status quo, and Aleph1 pushed anything on the list worth posting onto the list. I remember asking him a few times whether something was worth posting, to which he would say that if it was a bug it was worth posting.

Now it seems more and more of the bug reports which should be posted are being “lost”. I’ve had a number of my bug reports (which were accepted elsewhere (i.e. Mitre CVE),) rejected or timed out. Seems like now-a-days, the only folks to be able to post are those from recognizable “hacker” groups or those companies which are in bed with SecurityFocus. Gweed was definately right, bugtraq has become nothing more than a place to show off your security company…Free PR for ISS and companies like that, who can post irresponsible bug reports for the sole purpose of sales, or Gobbles for the sole purpose of histerical and unfactual political rants.

I’ve found that the other vulnerability mailing lists tend to be much more responsive, less political or sales oriented.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...