Symantec snaps up SecurityFocus

Antivirus firm Symantec rocked the security world yesterday with the announcement that it is to acquire independent security company SecurityFocus.

The $75m cash transaction is expected to be complete by mid-August.

Symantec claimed that the move would offer customers "the most comprehensive, proactive early warning system across the broadest range of threats".

But the deal has been greeted with suspicion by its own community and members of its Bugtraq mailing list.

According to the announcement, Symantec will "take over management of the Bugtraq mailing list and the online security community under the SecurityFocus brand".

It will also manage the forum "for objective reporting by security experts on the latest IT threats and attacks as well as how to prevent security breaches".

But a discussion which flared up on the Slashdot forum revealed a less than enthusiastic user base.

"Will we be seeing more minor security issues inflated to cataclysmic proportions just so Symantec can sell a few more virus scanners?" asked one user.

Another, presumably ex-SecurityFocus, user said: "Symantec always seemed cheap and sleazy to me while SecurityFocus at least tried to be legitimate. With this purchase, SecurityFocus' credibility (at least with me) has gone out the window."

Elias Levy and David Ahmad, of SecurityFocus, tried to alleviate these fears by saying that the acquisition would not change the firm's vulnerability reporting policy.

"We believe that, in order for the SecurityFocus/Bugtraq community to be effective, it must be an independent entity. We believe that its current disclosure policy is appropriate for the venue. Symantec will continue to operate with its separate disclosure policy," they said.

But it seems that SecurityFocus will now have an uphill struggle on its hands to regain the confidence of its user base.

As one other reader commented: "Even if Bugtraq keeps its objectivity (and what a big 'if' is that!), doubt will remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners."