This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
END OF THE GOOD OL' DAYS
By the time Symantec bought @stake in 2004, the talent drain was well under way. Zatko had left in 2002. The Litchfield brothers had left to start NGS Software, along with Chris Anley and a couple of other @stakers. Snyder and Swiderski took off for jobs in Microsoft's new security organization. Adrian Ludwig, an application security consultant, jumped at a chance to create the Secure Software Engineering team at Macromedia (now Adobe), and four other @stake employees later followed.
"Everybody's mindset was 'Let's break even.' We did way better than a lot of other companies that didn't make it as long as @stake did," says Christien Rioux, a former L0pht member who joined @stake at its founding. "I don't think there were any hurt feelings. Everyone was pleased that @stake had a sustainable business model. But the question was, would it ever expand or grow."
Since the acquisition, the critical mass of talent assembled at @stake has spread out across a number of industries, creating a diaspora that has served as the foundation for any number of start-ups, security teams and consulting shops.
The role @stake and its people played in shaping today's security industry was significant, and it's clear its influence will be felt for many years.
"We had the biggest congregation of application security experts by far. At some point it just couldn't grow anymore because we had already amassed everyone," says Wysopal. "I'm surprised by how often we bump into an ex-@staker. We're everywhere, running security teams, doing application testing, everything. It was a great place."
This was first published in January 2008