Skip to main content
close search
site logo
Dive Brief

Plan to distrust Symantec website certificates released, which is no longer its concern

Published Sept. 14, 2017
Naomi Eide's headshot
Managing Editor
Dollar Photo Club

Dive Brief:

  • Google's Chrome team this week released its formal plan to distrust Symantec's website security and certificate products, the company said. Over the past several years, the Chrome team had lost confidence in Symantec's infrastructure because of a pattern of concerns around how the company issued security certificates. 
  • In investigations which began earlier this year, the Chrome team found numerous Symantec-issued certificates did not comply with baseline industry-developed standards. The security company had tapped several organizations to issue certificates but they lacked oversight, which resulted in "security deficiencies," according to Google.
  • Beginning with Chrome 66, which will debut to Chrome Beta users in March 2018, Chrome will remove trust for Symantec certificates issued prior to June 1, 2016, according to the plan. By December 1, once Symantec transitions its certificate business over to DigiCert infrastructure, certificates issued from older Symantec infrastructure will not be trusted. Symantec could not be reached for comment prior to publication. 

Dive Insight:

Google officially downgraded trust in Symantec certificates in March, which the security company called "exaggerated and misleading." The move negatively impacted the security firm's reputation during a time when it was trying to regain traction in the market. Large, legacy security firms have had to navigate a changing security landscape, while competing against emerging vendors that can target the market in more agile ways.  

But the website certificate business is no longer Symantec's concern. In August, the company reached an agreement with DigiCert to sell its website security and PKI solutions business for $950 million.

So while Google has a formal plan in place, which would permit the security firm ample time to modernize its infrastructure and meet industry standards, web certificates are no longer Symantec's concern. Instead, DigiCert's new "managed partner infrastructure" will be able to issue trusted certificates, according to the announcement. 

Companies are placing more emphasis on end-to-end, ensuring everything from websites to back-end infrastructure is locked down. When an organization like Google downgrades trust in an organization's product, it is sure to cause ripple effects across product lines and impact a firm's reputation long term. 

Google has pushed for more companies to move toward HTTPS protocol, displaying an icon in Chrome when a site cannot be trusted. HTTP can leave websites vulnerable to eavesdropping and content manipulation, vulnerabilities eliminated with the transition over to the more secure HTTPS.

As of March, more than half of all websites support HTTPS, but leading vendors are pushing for more websites to make the transition. To do that, customers have to ensure security certificates issued by vendors are trushworthy. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Only Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Eva…
From Cynet Security
December 11, 2024
Arcus Power Launches Power Market Data Solutions on Snowflake Marketplace
From Arcus Power Corp
December 04, 2024
Celonis Appoints Benoit Fouilland as Chief Financial Officer to Drive Next Phase of Growth
From Celonis
December 05, 2024
Welo Data Launches Innovative Model Assessment Suite, Advancing Multilingual Causal Reasoning …
From Welocalize, Inc.
December 17, 2024
Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.