I am looking forward to further information from Symantec regarding the SEP code breach:
http://www.securityweek.com/symantec-confirms-hackers-accessed-source-code-two-enterprise-security-products
http://bits.blogs.nytimes.com/2012/01/06/symantec-confirms-segment-of-source-code-stolen/
I differ a little bit with Robert Rachwald's comments in the SecurityWeek article. The severity of the breach really depends on what code was lost, how much of the code is still used, and how much the code reveals about Symantec's internal architecture (which could be significant, even if the specific code in question is no longer in use).
Yes, AV is signature based, but access to the source code provides a great opportunity not just for signature evasion, but for understanding the Symantec internals and determining how to bypass the software or hijack it. For a rootkit creator, it would be invaluable. I also think the point about it being an older version is largely moot – the internal program structure is likely largely the same in the latest version, so what an attacker learns from v11 is likely applicable to v12.
Mr. Paul