Symantec Buys SecurityFocus/BugTraq

from the who-can-you-trust? dept

Symantec today announced they have purchased SecurityFocus, along with its BugTraq mailing list for $75 million. BugTraq, of course, is the main list to find out about where major security holes are. There are now a ton of people wondering just how quickly Symantec will screw up SecurityFocus. While the folks at SecurityFocus insist that Symantec has assured them they'll be able to continue without changing anything, many aren't so sure. Symantec has a history of overhyping virus warnings, and if they see BugTraq as a way to do the same thing for security holes, that could be a problem. At the same time, Symantec, as a big corporation may have incentive to hold back certain security hole info to protect their corporate relationships. Of course, what will probably happen is that a new independent source for security holes will soon pop up, and BugTraq will lose a lot of its value.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    LittleW0lf, 17 Jul 2002 @ 8:22pm

    Bugtraq more screwed up than it already is?

    Bugtraq hasn't been the same for a very long time...ever since Aleph1 turned over the mailing list to the corporate weenies.

    Used to be that anyone with a bug didn't have to worry about whether or not they were "recognizable" enough to post. "Full disclosure" was a status quo, and Aleph1 pushed anything on the list worth posting onto the list. I remember asking him a few times whether something was worth posting, to which he would say that if it was a bug it was worth posting.

    Now it seems more and more of the bug reports which should be posted are being "lost". I've had a number of my bug reports (which were accepted elsewhere (i.e. Mitre CVE),) rejected or timed out. Seems like now-a-days, the only folks to be able to post are those from recognizable "hacker" groups or those companies which are in bed with SecurityFocus. Gweed was definately right, bugtraq has become nothing more than a place to show off your security company...Free PR for ISS and companies like that, who can post irresponsible bug reports for the sole purpose of sales, or Gobbles for the sole purpose of histerical and unfactual political rants.

    I've found that the other vulnerability mailing lists tend to be much more responsive, less political or sales oriented.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.