News: Symantec to acquire SecurityFocus
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: News: Symantec to acquire SecurityFocus

  1. #1
    Senior Member
    Join Date
    Apr 2002

    News: Symantec to acquire SecurityFocus


    I'm not quite sure how to feel about this one... I don't use Norton anymore since Symantec bought them, and, well...

    Symantec to Acquire SecurityFocus

    Offers Most Complete Security Early Warning System Available

    CUPERTINO, Calif. - July 17, 2002 - Symantec Corp. (Nasdaq: SYMC) today
    announced the acquisition of SecurityFocus for approximately US$75 million in
    cash. With this acquisition, Symantec will offer customers the most
    comprehensive, proactive early warning system across the broadest range of
    threats. The transaction is expected to close by early to mid-August 2002.

    "SecurityFocus has established the most respected security community and
    developed one of the leading early warning systems for customers around the
    world," said John W. Thompson, Symantec chairman and chief executive officer.
    "This acquisition will broaden Symantec's leadership in Internet security
    response with the addition of the world's first global threat management
    system, the most complete vulnerability database and customizable alert

    "We have developed our global threat management systems to provide customers
    with timely and actionable information relevant to their individual networks,"
    said Arthur Wong, SecurityFocus co-founder and chief executive officer.
    "Combined with Symantec's world-class antivirus expertise, industry-leading
    intrusion detection solutions and back-end infrastructure, we can rapidly
    deploy the most comprehensive threat management solutions to our global
    customers worldwide."

    SecurityFocus has developed the world's most comprehensive and up-to-date
    database of vulnerabilities available. Symantec will continue to license the
    Vulnerability Database to security product vendors, managed service providers
    and other organizations that use it to create powerful new security products
    and services for their customers.

    In addition, Symantec will continue to manage the Bugtraq mailing list and the
    online security community under the SecurityFocus brand. It will continue to
    offer a forum for objective reporting by security experts on the latest IT
    threats and attacks as well as how to prevent security breaches.

    Symantec will also leverage the DeepSight line of global threat management
    solutions. The DeepSight Threat Management System provides early warning of
    attacks along with specific threat and patch information allowing companies to
    proactively protect their networks. More than 15,000 partners in more than 175
    countries are registered to automatically provide a constant stream of security
    data that is correlated and analyzed to identify active attacks.

    DeepSight Analyzer gives IT professionals the ability to track and manage
    incidents on their own networks by automatically correlating attacks from a
    multitude of intrusion detection solutions. The product manages threats by
    comparing incidents on their network against the Vulnerability Database,
    tracking attacks to resolution and generating statistical incident reports.
    Using information about suspicious network traffic and intrusions submitted by
    anonymous users, SecurityFocus identifies patterns in attacks that help serve
    as a threat-gauging system for the Internet community.

    By monitoring almost 11,000 distinct versions of more than 2,700 products from
    1,300 vendors, SecurityFocus provides proactive, customized alert services for
    environment-specific vulnerabilities and malicious code alerts. DeepSight Alert
    Services can be configured to ensure that customers receive only alerts that
    are relevant to their networks, enabling them to deploy patches or work-arounds
    before vulnerabilities can be exploited.
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  2. #2
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Superior, WI USA
    Saw it coming after all of the problems that security focus had been having as of late...

    The new website is awful pretty, though, eh?

    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Oh oh. Bad news.
    does it mean that SecurityFocus will advice us to use Norton firewall? lol

    I'm laughing but it could be serious. Symantec will probably use the good reputation of SecurityFocus to increase their own reputation and to sell their products.
    Life is boring. Play NetHack... --more--

  4. #4
    Senior Member
    Join Date
    Sep 2001
    I just hope they don't screw-up with the good work securityfocus had going...

    Credit travels up, blame travels down -- The Boss

  5. #5
    Join Date
    Jul 2002
    I agree with Ammo. Really hope they dont screw it up.

  6. #6
    Join Date
    Jul 2001

    Does anyone else have a problem with Bugtraq being run by a product vendor?

    Also, $75million seems kind of cheap. I wonder how much VC they burnt through before being bought out?

  7. #7
    Senior Member
    Join Date
    Sep 2001
    JP: Well, yeah... But what can we do...
    Perhaps Antionline could buy Symantec!

    Credit travels up, blame travels down -- The Boss

  8. #8
    Join Date
    Jul 2002
    I'm afraid here could be the same situation which happened when nVidia aquired 3dfx.
    Give man a fish and he will ask for more.
    Teach man to fish and he will never ask again.
    \"Chinese proverb\"

  9. #9
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    This is from their announcement on the bugtraq mailing list:
    Frequently Asked Questions:

    Q. What is the Symantec strategy for keeping data sources?

    A. We believe it is critical to maintain the integrity of the existing
    security community currently part of the SecurityFocus portal and
    Bugtraq mailing list.

    Q. What is Symantec's disclosure policy?

    A. Symantec believes in responsible vulnerability disclosure and is active
    in initiatives to set best practices in this area. Our first priority
    is to help our customers protect their computing assets by providing
    tools and information to safeguard their systems.

    We will work with vendors, if we discover vulnerabilities in other
    products, to report and investigate the issue in a thorough and timely
    fashion, in the same way that Symantec will work with other security
    researchers if they find an issue with any Symantec technology.

    We observe a 30-day grace period after the notification of a security
    advisory to give users an opportunity to apply the patch. During this
    grace period, we provide our customers significant information about
    the vulnerability and the fix, but not step-by-step instructions for
    exploiting the vulnerability. We do not provide detailed exploit code
    or provide samples of malicious code except to other trusted security
    researchers and in a secured manner.

    Q. Will Symantec change SecurityFocus' vulnerability reporting policy?

    A. We believe that in order for the SecurityFocus/Bugtraq community to be
    effective, it must be an independent entity. We believe that its
    current disclosure policy is appropriate for the venue. Symantec will
    continue to operate with its separate disclosure policy.
    They claim that bugtraq isn't going to be changed, but who knows. Especially after things like the apache chunk exploit. Considering that was released without any warning, which goes against Symantics disclosure policy. And what happens when someone releases a flaw in NAV or their firewall? Do they let the announcement go, or willl they filter it? It just seems really bad to me.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  10. #10
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI

    Looks like Symantic also picked up Riptech Inc. and Recourse Technologies Inc. at the same time. And all for the low low price of $355 Million cash....
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts