Quick rhetorical question here - but if a malware security vendor doesn't have the tools/technology/people to protect their own site, can they actually call themselves a secure company?

I'm talking about Trend Micro who has admitted according to numerous media sources  to falling victim to a widespread JavaScript attack that ended up compromising its servers(in all fairness to Trend Micro I have not directly contacted them myself).

US-CERT issued an alert on the JavaScript issue just yesterday. Surprisingly Trend Micro itself has neither issued a press release or commented on the JavaScript compromise on its website or on its malware blog or its enterprise security blog (as of this posting at least).

Trend Micro's competitor McAfee however is apparently not as clueless and has provided some color on its malware blog about the broader JavaScript attack in question.

Bottom line here (and i've heard this from many vendors over the years) is that even companies that think they are secure can be compromised from any number of different sources. The real key in my opinion is eternal vigilance and transparency so that others can learn and by extension, ensure that we're all safer as a result.