Idiots
A special place in Hell awaits them.
Symantec is advising users of its Endpoint Protection (SEP) software to update their systems, after three vulnerabilities were reported in the computer defense tools. Two of the bugs – a cross-site scripting (XSS) flaw, and a SQL injection vulnerability – are in the SEP Management Console, a web-based portal you can log into …
For being idiots or for being with Symantec?
Yes!
The XSS flaw is not surprising as it is a common issue for web sites and not Symantec's area of expertise. The question I would raise is why they would want their security management console to run in a browser (the most commonly targeted attack surface on workstations). Points off for saying all the other kids are doing it.