In a fairly amazing response, Symantec began rolling out a patch this past weekend to the corporate edition of it’s anti-virus software to fix a flaw reported earlier in the week. I had noted in my original post on the problem that the existence of the flaw would not be the defining issue, it would be the response by Symantec.
Symantec says they worked 24 hours to come up with the fix, as opposed to some companies taking months to deliver a patch. Whether this was indicative of their responsiveness or seriousness of hte flaw is not important at this point. The fact they mobilized a response and had a fix out in a matter of days shows other companies how to properly handle security issues. You mobilize every department to identify and solve the issue. It’s what customers expect and Symantec did themselves proud on this one.
As a side note, I do applaud eEye Digital Securit Inc. for identifying the flaw, notifying Symantec and most importantly, not releasing details on how the loophole could be exploited by others.
Posted by Jeff