Vulnerabilities / Threats
12/20/2012
10:58 AM
50%
50%

BestBuy.Com Chief Leaves For Symantec

Former Starbucks CIO and 2011 InformationWeek Chief of The Year Stephen Gillett heads to Silicon Valley.

After less than nine months on the job as head of Best Buy's online operation, Stephen Gillett has left the struggling retailer to take a senior position at Symantec, which is in the midst of its own reorganization as it tries to adapt to changes in the security software market.

Symantec named Gillett executive VP and COO on Wednesday. His responsibilities will include oversight of the company's IT, marketing, and communications operations. "Stephen is the perfect fit for the direction we are taking Symantec," said Steve Bennett, Symantec chairman and CEO, in a statement. "He has been deeply involved in the transformation of a number of high-profile companies at the executive level and is highly respected in the CIO community worldwide."

Gillett has been on Symantec's board since January, and will relinquish that position. He is a former CIO of Starbucks, and was named InformationWeek's Chief of The Year for 2011.

[ Where is Symantec headed next? Read Symantec Security Has Become Forgotten Child, Critics Say. ]

His departure from Best Buy was unexpected and seen as somewhat of a surprise, given that he was brought in as recently as March to bolster and add credibility to Best Buy's e-commerce efforts. Best Buy has been struggling to convert visits to its website into sales. It's also challenged by the fact that consumers are increasingly using its stores to check out the latest gadgets, while making actual purchases online at discounters like Amazon.

Gillett's departure marks the latest high-level exit at Best Buy. CEO Brian Dunn left in April after allegations of an inappropriate relationship with a female employee. He was replaced by former Vivendi Universal Games CEO Hubert Joly. Joly recently brought in his own team of senior executives, a fact that some observers believe contributed to Gillett's departure.

"I will miss the wonderful teams at Best Buy," Gillett tweeted on Wednesday. "Our time together was short, but our friendships and experiences lifelong. Thank you."

Gillett will have his work cut out at Symantec. The company's stock was downgraded earlier this month by Standpoint Research, amid concerns about increased competition. Microsoft is beefing up free security software for Windows PCs, as well as enterprise offerings like EndPoint. Symantec is expected to unveil a new strategic plan in January.

"Great companies are defined by their market position, customer base, brand awareness, the quality of their products and by the type of industry they're involved in," said Gillett, in a statement. "Symantec is strong in all of these areas. I look forward to working with everyone at Symantec to help the company achieve its full potential." Gillett did not immediately respond to a request for further comment.

Tech spending is looking up, but IT must focus more on customers and less on internal systems. Also in the new, all-digital Outlook 2013 issue of InformationWeek: Five painless rules for encryption. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6228
Published: 2014-12-28
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split ...

CVE-2014-6229
Published: 2014-12-28
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string,...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.