Symantec has confirmed that some of the source code for two of its antivirus products has been stolen. The company was quick to downplay the incident however, noting that the affected products were Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, which are four and five years old respectively. Symantec emphasized that this does not affect Symantec's Norton products for its consumer customers.

A hacker group calling itself the Lords of Dharmaraja has claimed responsibility and say they discovered the source code in a hack conducted on military and intelligence servers belonging to the Indian government. The presence of source code belonging to a "dozen software companies" was also mentioned. The hackers say these companies have signed agreements with the Indian government that gave them access to the source code.

The primary fear of such a leak is the potential for the exposed source code to help hackers circumvent it altogether or curtail its effectiveness. However, some analysts have pointed out that the damage should be limited given the rapidity in which security threats and defenses have evolved over the years.

There is no denying, however, that the basic framework of a large software application like Symantec Endpoint Protection is hardly something that is rewritten often, if at all. Moreover, common components or core modules of software could also be reused between similar products made by the company.

Finally, given Symantec's assertion that the network of a "third party entity" was breached, yet another question would be what the company's source code is doing on a government server. Did government security forces already find ways to bypass business security software years ago?

For more:
- check out this article at The Register
- check out this article at The New York Times
- check out this article at Forbes

Related Articles:
Tools released to break into Wi-Fi Protected Setup within hours
March hack the result of RSA security lapse, says researcher
Texas water plant hacker: Password was just 3 characters