Symantec confirms source code leak in two enterprise security products

From InfoWorld: Symantec late Thursday confirmed that source code used in two of its older enterprise security products was publicly exposed by hackers this week.

In a statement, the company said that the compromised code is between four and five years old and does not affect Symantec's consumer-oriented Norton products as had been previously speculated.

"Our own network was not breached, but rather that of a third party entity," the company said in the statement. "We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions," the statement said.

Symantec spokesman Cris Paden identified the two affected products as Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2. Both products are targeted at enterprise customer and are more than five years old, Paden said.

"We're taking this extremely seriously, but in terms of a threat, a lot has changed since these codes were developed," Paden said. "We distributed 10 million new signatures in 2010 alone. That gives you an idea of how much these products have morphed since then, when you're talking four and five years."

Symantec is developing a remediation process for enterprise customers who are still using the affected products, Paden noted. Details of the remediation process will be made available in due course, he added.

View: Article @ Source Site