Anonymous may have been behind the pcAnywhere theft, but it appears the certificate thefts were from a more serious opponent.
That just makes it more important that Symantec or any other security company fess up right away to attacks and whatever the worst potential scenario might be, to allow customers to prepare their own defenses.
It's bad enough if you're Microsoft and a big security issue slows someone's productivity or makes it easier for snoops to read a stranger's email or documents.
It's much worse if that customer is counting on you to help keep a whole company secure.
That role puts a heavier responsibility on the vendor – the responsibility to admit up front how bad a problem could be and help ameliorate it, not just dribble out the bad news a bit at a time so customers don't get frightened for their safety and lose respect for the vendor.
Much better that they should feel safe for the few weeks it takes whoever stole the source code to get around to robbing them.
You can't underestimate the impact of bad news, or (apparently) the need for major vendors to ration the kind of news that helps customers but makes vendors look bad.
Read more of Kevin Fogarty's CoreIT blog at ITworld.