[rplnt]

Still, the code is worthless for anyone if your product is secure. And I would imagine that product by security company would be secure.

Antivirus software might be something different as you might learn how to trick it. But "remote desktop"? It doesn't require any "security by obscurity".

[onedognight]

> Still, the code is worthless for anyone if your product is secure. And I would imagine that product by security company would be secure.

Actually they had known vulnerabilities, but they didn't think it worth their time to fix them until their code was to be released.

http://www.symantec.com/theme.jsp?themeid=anonymous-code-cla...

> On Friday, January 27, 2012, Symantec released a patch that eliminates known vulnerabilities affecting customers using pcAnywhere 12.0 and pcAnywhere 12.1.

[scoot]

Poorly worded that's all, after all, you can't fix unknown vulnerabilities.

[lambersley]

"..product by security company would be secure"

By this logic, wouldn't you also expect the storage of the source code to be secured?

In my mind, security implies all forms; physical, logical, in-transit, at rest, etc

[rplnt]

> By this logic, wouldn't you also expect the storage of the source code to be secured?

No, developers have to have access to the code and they can just steal it. And this wasn't even the case. If I read correctly, the code was leaked by 3rd party (some India state agency) which had it for some sort of security review.

[djtriptych]

The source is still pretty valuable to a competitor right?

[rplnt]

I would say no. Although I might be mistaken as I don't know what exactly is the application capable of. But from the brief description I think it doesn't contain any magic; something that competitor would love to see. The only benefit I see for competitors is the bad press.

[ConstantineXVI]

Not if Symantec has any proof that they've touched it. You're legally screwed if you touch this code thanks to any combination of patents, trade secrets, or even good old-fashioned copyright violation (just because the source is out there doesn't mean you can use it).