Compliance Management, Vulnerability Management

Symantec terminates employees for unauthorized HTTPS certificates

Share

Symantec terminated employees involved in issuing unauthorized HTTP certificates for Google webpages.

The certificates "did not leave Symantec's secure testing labs, and did not affect the security or privacy of any user or organization," the company said, stressing it takes procedural breaches "extremely seriously."

The company is "putting even stronger safeguards in place to prevent an issue like this from occurring again," according to a statement emailed to SCMagazine.com.

Symantec Vice President of Engineering Quentin Liu wrote in a blog post that the "test certificates and keys were always within our control and were immediately revoked" once discovered.

And Google security blog noted that Chrome's revocation metadata had been updated to include the public key of the mis-issued certificate for the domains google.com and www.google.com.

Separately, Symantec named appointed Dan Rogers, formerly a vice president at Salesforce.com, as chief marketing officer.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.