Last Friday McAfee had to apologize to its customers because six months ago they "inadvertently repaired the flaw after an engineer made other changes to its software," according to its chief security architect, John Viega. The flaw was in McAfee's popular ePolicy Orchestrator but affects the corporate Anti-Virus component as well.
At the upcoming Black Hat convention in Las Vegas, at least one organization, Matasano Security, is going to reveal serious flaws in management clients that enterprises deploy widely. Products sold by IBM, CA, and Oracle can be everywhere and usually do not get evaluated by hackers and security researchers because they are not freely downloadable. But their pervasiveness and the lack of scrutiny are leading to a major risk.
Last week's revelation by McAfee highlights the risk from security software as well.