ISS blasts security rival Trend Micro over bugs

In an unusual move, a security company owned by IBM has publicly blasted a rival for not patching reported bugs in its enterprise-grade, server-side antivirus software.

On Monday, David Dewey, a researcher at IBM Internet Security Systems, explained why his company had released several advisories that covered multiple vulnerabilities in Trend Micro Inc.'s ServerProtect software, even though Trend Micro has not fixed the flaws, according to IBM.

X-Force, the research arm of IBM's security group, reported the first bugs to Trend Micro two years ago, said Dewey, and it followed up with additional vulnerability reports through January 2008. But Trend's response was unsatisfactory. "Each time, Trend would assure us that fixes would be provided in the next scheduled patch," he said in a post to the X-Force blog. "We have worked with them through four security patches, and in all cases, the reported vulnerabilities were ignored or the solution they implemented was inadequate."