Symantec Buys SecurityFocus/BugTraq
from the who-can-you-trust? dept
Symantec today announced they have purchased SecurityFocus, along with its BugTraq mailing list for $75 million. BugTraq, of course, is the main list to find out about where major security holes are. There are now a ton of people wondering just how quickly Symantec will screw up SecurityFocus. While the folks at SecurityFocus insist that Symantec has assured them they'll be able to continue without changing anything, many aren't so sure. Symantec has a history of overhyping virus warnings, and if they see BugTraq as a way to do the same thing for security holes, that could be a problem. At the same time, Symantec, as a big corporation may have incentive to hold back certain security hole info to protect their corporate relationships. Of course, what will probably happen is that a new independent source for security holes will soon pop up, and BugTraq will lose a lot of its value.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Bugtraq more screwed up than it already is?
Used to be that anyone with a bug didn't have to worry about whether or not they were "recognizable" enough to post. "Full disclosure" was a status quo, and Aleph1 pushed anything on the list worth posting onto the list. I remember asking him a few times whether something was worth posting, to which he would say that if it was a bug it was worth posting.
Now it seems more and more of the bug reports which should be posted are being "lost". I've had a number of my bug reports (which were accepted elsewhere (i.e. Mitre CVE),) rejected or timed out. Seems like now-a-days, the only folks to be able to post are those from recognizable "hacker" groups or those companies which are in bed with SecurityFocus. Gweed was definately right, bugtraq has become nothing more than a place to show off your security company...Free PR for ISS and companies like that, who can post irresponsible bug reports for the sole purpose of sales, or Gobbles for the sole purpose of histerical and unfactual political rants.
I've found that the other vulnerability mailing lists tend to be much more responsive, less political or sales oriented.
[ link to this | view in thread ]