|
From
|
putro <putro@autistici.org>
|
|
Date
|
Thu, 18 Jul 2002 22:30:41 +0200
|
|
Subject
|
[HaCkmEeTiNg] Fwd: Administrivia: Symantec acquiring SecurityFocus
|
----- Forwarded message from putro@autistici.org -----
From: aleph1@securityfocus.com
Subject: Administrivia: Symantec acquiring SecurityFocus
Newsgroups: autistici.ml.bugtraq
Good day,
Today, SecurityFocus and Symantec announced that Symantec is acquiring
SecurityFocus. Symantec sees real value in the services SecurityFocus
provides to its customers and believes they are an excellent fit with
their current offerings. We at SecurityFocus see this as an opportunity to
provide even better services for the security community.
Symantec recognizes the value and uniqueness of the public services
SecurityFocus provides to the community, such as the numerous mailing
lists we host and the content we provide via the SecurityFocus Online web
site.
In particular, Symantec and SecurityFocus want to ease any fears as to
whether the character of this mailing list will change.
Frequently Asked Questions:
Q. What is the Symantec strategy for keeping data sources?
A. We believe it is critical to maintain the integrity of the existing
security community currently part of the SecurityFocus portal and
Bugtraq mailing list.
Q. What is Symantec's disclosure policy?
A. Symantec believes in responsible vulnerability disclosure and is active
in initiatives to set best practices in this area. Our first priority
is to help our customers protect their computing assets by providing
tools and information to safeguard their systems.
We will work with vendors, if we discover vulnerabilities in other
products, to report and investigate the issue in a thorough and timely
fashion, in the same way that Symantec will work with other security
researchers if they find an issue with any Symantec technology.
We observe a 30-day grace period after the notification of a security
advisory to give users an opportunity to apply the patch. During this
grace period, we provide our customers significant information about
the vulnerability and the fix, but not step-by-step instructions for
exploiting the vulnerability. We do not provide detailed exploit code
or provide samples of malicious code except to other trusted security
researchers and in a secured manner.
Q. Will Symantec change SecurityFocus' vulnerability reporting policy?
A. We believe that in order for the SecurityFocus/Bugtraq community to be
effective, it must be an independent entity. We believe that its
current disclosure policy is appropriate for the venue. Symantec will
continue to operate with its separate disclosure policy.
Sincerly,
Elias Levy, David Ahmad,
and the rest of the SecurityFocus staff
----- End forwarded message -----
---
To unsubscribe from this list: send the line "unsubscribe hackmeeting" in
the body of a message to majordomo@kyuzz.org
![[<--]](/icons/prev.gif){kind=icon}
![[-->]](/icons/next.gif){kind=icon}