Symantec record: Two major hacks, two major delays admitting fault, risk to customers

'Stop using pcAnywhere' Symantec says, almost a month after unveiling 2006 source code theft

By  

Anonymous may have been behind the pcAnywhere theft, but it appears the certificate thefts were from a more serious opponent.

That just makes it more important that Symantec or any other security company fess up right away to attacks and whatever the worst potential scenario might be, to allow customers to prepare their own defenses.

It's bad enough if you're Microsoft and a big security issue slows someone's productivity or makes it easier for snoops to read a stranger's email or documents.

It's much worse if that customer is counting on you to help keep a whole company secure.

That role puts a heavier responsibility on the vendor – the responsibility to admit up front how bad a problem could be and help ameliorate it, not just dribble out the bad news a bit at a time so customers don't get frightened for their safety and lose respect for the vendor.

Much better that they should feel safe for the few weeks it takes whoever stole the source code to get around to robbing them.

You can't underestimate the impact of bad news, or (apparently) the need for major vendors to ration the kind of news that helps customers but makes vendors look bad.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question