News broke recently that Verisign, Inc. reported in their quarterly SEC filings that they had been victims of a security breach in 2010. At this time, Verisign, Inc. has only confirmed that the incident did not impact their DNS business. 

Just as Verisign, Inc. stated that there was no impact to their production environment, I stand behind the following statement that Symantec made in response to media questions regarding the 2010 Verisign, Inc. security breach:

Symantec takes the security and proper functionality of its solutions very seriously.Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.

Unfortunately, many people are associating the breach at Verisign, Inc. with the brand of SSL Certificates that Symantec acquired, begging the question “Is SSL dead”? SSL, or HTTPS encryption, remains today as the most secure method to protect online data in transit. Symantec Trust Services, and Identity and Authentication solutions continue to provide unparalleled levels of security, not only in terms of our products, but in terms of how we protect the systems that protect you and your customers.

2/3/12 Update – I want to clear up some confusion about the two brands.  In 2010, Symantec acquired the security assets listed above from Verisign, not the entire Verisign organization.  Verisign Inc. is a separate public company, responsible for the SEC disclosure.