Symantec Defends BugTraq Policies
Last week, a Danish security company accused Symtantec of deliberately delaying and partially censoring information.Symantec Corp. officials are defending their practices for handling postings to the BugTraq mailing list in the face of criticism from an upstart competitor. The way the list is run and when messages are posted hasnt changed at all since Symantec acquired BugTraqs owner, SecurityFocus, last summer, executives say. "What I can tell you is that we never delay posting any message to BugTraq. And everyone gets access to the messages at the same time," said Art Wong, vice president of security response at Symantec, based in Cupertino, Calif., and the former CEO of SecurityFocus. Wongs comments contradict charges made by executives at Secunia Ltd., a Danish security company that has started a new mailing list meant to replace BugTraq. The list will aggregate vulnerability advisories from several sources. Officials at the company said last week that theyre starting the list because of what they perceive as changes in BugTraq in recent months.
"The problem with SecurityFocus is not that they moderate the lists, but the fact that they deliberately delay and partially censor the information," said Thomas Kristensen, CTO of Secunia, based in Copenhagen, Denmark. "Since they were acquired by Symantec they changed their policy regarding BugTraq. Before they used to post everything to everybody at the same time. Now they protect the interests of Symantec, delay information and inform their customers in advance."
Find white papers on security.