Tuesday, March 31st, 2009
I just realized today that I hadn’t seen any Secunia vulnerability updates in a long time. I knew they had done some site redesign work, and I figured they just changed the URL of the RSS feed. So I sat down at my computer to find it, but there didn’t seem to be one anymore. A quick hop on Google led me to this forum post explaining that Secunia no longer provides a free RSS feed for vulnerabilities:
As you have noticed we no longer provide our vulnerability intelligence through the Secunia RSS Feed.
Today a large number of businesses and governments are subscribed to the commercial Vulnerability Feed from Secunia.
Over the past couple of years, Secunia has noticed that numerous businesses and governments have signed up for the Secunia RSS feed, as a result there has been a loss of revenue for Secunia which has limited us in our endeavors on providing sustainable and quality solutions.
It is naturally not fair toward our customers that larger IT departments are receiving intelligence free of charge – using our RSS feed – as others would have to invest in it.
The service that will replace the need for our RSS feed, will be the Secunia Vulnerability Intelligence Feed – VIF. This is naturally a commercial solution, please see attached PDF for further clarification.
In my opinion, this was a very dumb move by Secunia. Keep in mind that the RSS feed didn’t provide anything that wasn’t already public; it just provided it in a different format. In a few minutes, I could write something that generates a similar RSS feed from the HTML output of Secunia’s website (although their terms of service are also excessively heavy-handed about this). This is a common sense usability feature, not a product that should require a paid subscription. For Secunia to restrict its availability to paying customers is akin to if Google were to suddenly make message collapsing in Gmail conversations only available to people who fork over cash.
One of the things that made Secunia so appealing to me was how accessible their information was. Now, it’s like the site is living in the 1990s. It’s a real shame when a company is willing to cripple their service like this rather than find a legitimate business model. Secunia has some very valuable assets; if their business really depends on profit from a mere RSS feed of already-available data, they’re doing something wrong.
Because of the removal of the RSS feature, my Web browser security summary page is likely outdated. I’ll go through Secunia’s advisory archives and update my data sometime soon.