Company now says code -- including Norton Antivirus -- was stolen from them in 2006 but we shouldn't worry. Right. Earlier this month an Indian hacking group published source code for two of Symantec’s enterprise security programs, which the company claimed was stolen from a third-party source. Tuesday the plot thickened to a point of near-total confusion as Symantec admitted A) it was their network that was hacked, B) a lot of other code – including Norton Antivirus – got stolen, and C) it all happened in 2006. It now turns out that not only was code was stolen for enterprise security programs Endpoint Protection 11.0 and Antivirus 10.2, but also Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. The company says the code was taken in a previously unreported 2006 infiltration of its systems. Not to worry, though. Symantec has assured the world that that the code is old and thus cannot hurt us. “Due to the age of the exposed source code … Symantec customers – including those running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.” Others beg to differ. Not just any others but John Viega who used to work at McAffee as CTO and VP of engineering for the software-as-a-service business unit and before that was McAfee’s chief security architect. “The fact of the matter is it’s highly unlikely that Symantec completely rebuilt its AV product in six years and deployed a new, ground-up version to all of its customers – especially when trying to maintain compatibility with old signatures,” says Viega, now executive vice president of products and engineering at Perimeter E-Security. “If there is any lingering code from the 2006 version at all, there is significant risk of a security threat by people accessing the source code. The unfortunate reality is that security flaws can stay in products for decades without detection, despite frequent security reviews and product enhancements.” Viega calls Symantec’s explanation for the events “implausible” and it’s hard for anyone to argue with that. If the company’s account is true it means that either the company didn’t know about the break-in for six years or it knew about the break-in but didn’t know what got taken. Either version is more believable than what we’ve been told and raise even more questions about the security company’s own security and trustworthiness. Related content Opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry Opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government Opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data Opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe