Perforce Software Responds to McAfee White Paper on Operation Aurora

Company Statement

Perforce Software Responds to McAfee White Paper on Operation Aurora

March 4, 2010


Perforce Software as well as other companies, whose applications house critical data, was the subject of a White Paper issued by McAfee on March 3, 2010.

As the White Paper states, Perforce “has long been a staple of source code control systems and has thousands of customers. Its products are used by the largest Fortune 1,000 companies.” It stands to reason that when hackers are looking for a company’s intellectual property (IP), they would look to Perforce where the content is versioned and managed.

Christopher Seiwald, President and Chief Technology Officer of Perforce Software said, “Our product has several security levels that most of our customers take advantage of. However, our security is not designed to stop attackers who breach a company’s IT defenses and are then able to masquerade as legitimate users. We use our own product, Perforce, to develop our product and we use security software to protect ourselves.”

McAfee’s White Paper and Perforce

According to McAfee’s White Paper, hackers used an Internet Explorer exploit to masquerade as our customers' legitimate users. They then accessed Perforce as legitimate users in an attempt to steal IP.

In addition, McAfee Labs reviewed the freely available version of our SCM system aimed specifically at people evaluating Perforce and casual users. Many of the vulnerabilities McAfee identified were due to running our product with security turned ‘off’, which is how we distribute the trial version of our SCM system. In addition, they did not determine these vulnerabilities played a role in the recent attacks.

What We Are Doing

Last week we received a preliminary version of McAfee’s findings. We plan to follow the recommendations McAfee has suggested. These improvements are aimed at ensuring legitimate users stay within their bounds.

We are issuing a reminder to our customers to run Perforce with the security turned ‘on’ as well as other security recommendations.

About the Perforce SCM System

Perforce, the Fast Software Configuration Management System, is an award- winning tool that versions and manages source code and digital assets for enterprises large and small. Perforce is easy to install, learn and administer; seamlessly handles distributed development; and supports developers across a large number of platforms. Perforce ensures development integrity by grouping multi-file updates into atomic changes, enables concurrent development, and intelligently manages multiple software releases using its Inter-File Branching system.

About Perforce

Enterprises across the globe rely on Perforce to build and deliver digital products faster and with higher quality. Perforce offers complete developer collaboration and agile project management tools to accelerate delivery cycles — from agile planning tools to requirements, issues and test management, which then link to all source code, binary assets and artifacts for full build and release tracking and visibility. The company’s version control solutions are well known for securely managing change across all digital content — source code, art files, video files, images, libraries — while supporting the developer and build tools your teams need to be productive, such as Git, Visual Studio, Jenkins, Adobe, Maya and many others. Perforce is trusted by the world’s most innovative brands, including NVIDIA, Pixar, Scania, Ubisoft, and VMware. The company has offices in Minneapolis, MN, Alameda, CA, Mason, OH, the United Kingdom, Finland, Sweden, Germany, and Australia, and sales partners around the globe. For more information, please visit

Media Contacts

Colleen Kulhanek
Perforce Software
Ph: +1 612-517-2069
[email protected]

Maxine Ambrose
Ambrose Communications
Ph: +44 118 328 0180
[email protected]