Norman
The detection bypass vulnerability in all Norman Antivirus products was discovered and reported by Sergio Alvarez. Here’s the vendorĀ response:
We have discussed your mail. It is not our company’s policy to publish information about vulnerabilities or bugs in our software, unless they are extremely critical and/or can be worked around by the end-user. There are usually a large number of vulnerabilities/bugs in any software, and in our opinion it would only serve to unsettle user confidence in the products if the industry continually feeds information about such weaknesses, and we don’t see that it would give the user any benefit in return.
Instead we feel that it should be the supplier’s responsibility to correct any errors and weaknesses and have them released to the user fast and silently, without alerting also the malware industry.
Hence, there is no forum where we can credit you for your findings.