If the anti-virus makers can't keep their sites safe, how safe are the rest of us? That's one of the questions raised by a hack of Trend Micro earlier this week.According to news reports, the Tokyo-based anti-virus company's site was compromised along with thousands of others by an ongoing mass attack exploiting unpatched vulnerabilities.

While it was reported that Trend Micro posted an alert on its Japanese site, there seems to be no mention of the problem on its U.S. pages, at least none that I could find.

On the other hand, competitor Sophos blogged the Trend Micro problem with some sympathy and doubtless some between-the-lines glee.

The Trend Micro problem is troubling for obvious reasons -- an exploited vulnerability at a large anti-virus company places it immediately in the "do as we say, not as we do" (or, in this case, don't do) category.

But the absence of any mention of the problem (so far, at least) on Trend's U.S. site is not only troubling, but baffling -- the only way to begin to minimize the fallout from an exploit or compromise is to start getting in front of it immediately.

That applies to every business suffering a successful hack and, it seems to me, applies tenfold to an anti-hacker company that's become a hacked company.