There's been considerable discussion this weekend of the recent sale of SecurityFocus to mega-corporation Symantec for a sweet $75 million. At issue in particular is SF's BugTraq mailing list, which has for years been the most popular full-disclosure vulnerability list going.

While Symantec has stated that it will not exert influence on BugTraq, which it now owns, many list members find that assurance hard to trust. However, in this case only time will tell. I personally have little doubt that the SF staff intend to keep BugTraq and its extensive archives independent and free. Whether they'll succeed in the long run is an entirely different matter.

The deal has generated further controversy because SF has sold something quite valuable which it received free of charge, namely the exploits submitted by list members. These are valuable for developing scanning software like Snort, Nessus, and the like. And naturally, when this much cash changes hands, people may get envious. They may also feel they're owed something for the free contributions they've voluntarily made.