ABOUT SYMANTEC

Press Release

Symantec Secure Application Services Identify and Mitigate Application Security Risks

CUPERTINO, Calif. - Oct. 31, 2005 - Symantec Corp. (NASDAQ: SYMC) today announced the availability of Symantec Secure Application Services, a new offering from Symantec Consulting Services that provides organizations with the ability to design, test, and maintain the security of business applications. Intended for organizations whose business is reliant upon data integrity in the applications they develop, use, or sell, Symantec Secure Application Services help clients reach goals for quality, reliability, time-to-market, and competitiveness.

These services provide unmatched expertise in helping organizations to meet regulatory requirements for protecting sensitive customer data, reduce potential business disruptions caused by exploitation of insecure applications, protect corporate reputation, and build brand trust. Symantec application security consultants leverage experience gained from testing thousands of applications for security vulnerabilities and through years of providing support in a wide variety of development environments.

"As the industry witnesses a rise in software related vulnerabilities, securing business applications has become a priority component in a company's IT Risk management program." said James Mobley, vice president Americas, Symantec Professional Services.

Symantec's latest Internet Security Threat Report released in September 2005 shows a continued rise in Web application vulnerabilities citing that 59 percent of all vulnerabilities found were Web application vulnerabilities. Furthermore, vulnerabilities in Web applications are an underestimated risk for many organizations due to the lower level of complexity in exploiting them and their increasingly widespread distribution.

Symantec consultants provide a programmatic approach for measuring and raising the overall level of application security by helping clients establish a complete, secure application development lifecycle. Symantec Secure Application Services include the following offerings:

  • Application Development Lifecycle Review: Provides organizations with recommendations for establishing secure application development processes.
  • Application Penetration Tests: Evaluate the security of an organization's applications and commercial products and deliver prioritized remediation guidance for application security vulnerabilities.
  • Application Design Assessment: Evaluates the security of an application at the design level to identify potential security risks and recommend remediation related to an application's design.
  • Application Code Review: Provides organizations with expert review of source code for security-critical components to help them identify, prioritize, and remediate security vulnerabilities.
  • Application Security Principles Course: Offers instructor-led training that provides project managers, technical architects, business/functional analysts, testers, and developers with a solid understanding of application security.

Symantec Security Consulting Services provide organizations with best-practice security measures through comprehensive assessments, planning, and design consultation, and are backed by Symantec's unparalleled research, methodologies, and consulting expertise.

Availability
Symantec Secure Application Services are currently available in the Americas. To learn more, customers can visit http://ses.symantec.com/secureapps.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises in any industry assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/about/news/release/index.jsp on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.