When Security Hurts
Posted 2006-05-31 12:07 by Christopher
Recently, Symantec patched a vulnerability in AntiVirus Corporate Edition and Client Security that would allow a remote, unauthenticated user system-level access via a buffer overflow. Today, US-CERT published 19 vulnerabilities in Secure Elements Class 5 AVR, which include the possibility of remote stack overflow.

As Information Security professionals know, security products are only part of the security puzzle. We should implement them as tools to enforce our security controls, not as silver-bullet fixes to the security problem. This news illustrates the need to follow good security practices, including defence-in-depth, proper network segmentation, and intrusion detection.
