Spartak - Fotolia
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec's troubled certificate business.
DigiCert Inc.'s acquisition of Symantec Website Security was completed last week, but concerns in the browser community still remain about Symantec's SSL certificates.
DigiCert agreed to acquire the Symantec Website Security division, which includes the vendor's public key infrastructure (PKI) business, in August, following months of negotiations between Symantec and web browser giants Google and Mozilla regarding widespread issues with the security vendor's certificate authority. Those issues included certificate mis-issuance and a lack of proper auditing, which led Google and Mozilla to propose a removal of trust for certificates issued by Symantec Website Security.
After tense negotiations and delays, Symantec ultimately agreed to a remediation plan that would turn over its SSL certificate operations to another trusted certificate authority that would oversee issuance and validation. Instead of choosing a third-party partner, Symantec agreed to sell its PKI business to DigiCert.
However, Mozilla expressed concerns that Symantec's old PKI operations, as well as its culture and processes, would continue to operate despite DigiCert assuming ownership of the business -- DigiCert has said that all Symantec certificates will be issued and validated by DigiCert's PKI by Dec. 1.
Questions still remain about how DigiCert will address the systemic problems within the Symantec Website Security division and when they will be resolved. SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
Risk & Repeat: Responsible encryption rhetoric ramps up
Risk & Repeat: Is vulnerability marketing problematic?
Risk & Repeat: DEFCON warns of voting machine security issues