Symantec Defends BugTraq Policies | eWeek

Symantec Defends BugTraq Policies

Écrit par
Dennis Fisher
Dennis Fisher
Apr 1, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Symantec Corp. officials are defending their practices for handling postings to the BugTraq mailing list in the face of criticism from an upstart competitor. The way the list is run and when messages are posted hasnt changed at all since Symantec acquired BugTraqs owner, SecurityFocus, last summer, executives say.

“What I can tell you is that we never delay posting any message to BugTraq. And everyone gets access to the messages at the same time,” said Art Wong, vice president of security response at Symantec, based in Cupertino, Calif., and the former CEO of SecurityFocus.

Wongs comments contradict charges made by executives at Secunia Ltd., a Danish security company that has started a new mailing list meant to replace BugTraq. The list will aggregate vulnerability advisories from several sources. Officials at the company said last week that theyre starting the list because of what they perceive as changes in BugTraq in recent months.

“The problem with SecurityFocus is not that they moderate the lists, but the fact that they deliberately delay and partially censor the information,” said Thomas Kristensen, CTO of Secunia, based in Copenhagen, Denmark. “Since they were acquired by Symantec they changed their policy regarding BugTraq. Before they used to post everything to everybody at the same time. Now they protect the interests of Symantec, delay information and inform their customers in advance.”

Wong says there is no truth to these accusations.

“The early warnings that our DeepSight customers get come from places like BugTraq and events and incidents that we monitor,” Wong said. “We dont give those alerts [from BugTraq] to our customers any sooner than anyone else gets them.”

The DeepSight Threat Management System, SecurityFocus flagship product, is an early-warning system that pulls data from IDS and firewalls to alert administrators to emerging problems.

Wong stressed that the people who run the BugTraq list operate independently of the Symantec corporate structure and handle every message the same way.

“These guys carry SecurityFocus business cards, and they handle Symantec vulnerabilities the same way they handle anyone elses,” he said. “BugTraq has been operating this way since 1993, it was that way before they acquired us and its remained that way since [the acquisition in] August 2002.”

Latest Security News:

Search for more stories by Dennis Fisher.
Find white papers on security.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.