Yesterday, researchers at Sunbelt discovered a minor XSS issue in McAfee’s SiteAdvisor. It lasted all of about 30 minutes and was rapidly and deftly handled by the SiteAdvisor team. In my eyes, the speed and responsiveness of the handling was a real credit to their organization and we were impressed.
We threw up a quick blog post on it and moved on. The post was only intended in the spirit of a bit of fun — we knew the issue was extremely minor and that the SiteAdvisor team was already handling it.
Regrettably, our little post apparently generated quite a bit of upset by some of our friends at McAfee — and for that, I apologize. We work closely with other security companies, including McAfee, on a broad range of security issues, and it’s not our intention to create rancor with other companies. Rest assured that Sunbelt deals with any major security issues under industry standard responsible disclosure guidelines. So to our friends at McAfee — we apologize. Drinks at VirusBulletin are on us (and I may really regret that offer…).
Alex Eckelberry