Bit9 released more details of how they were hacked.

The level of detail is excellent, and there seems to be minimal or no spin. There are a couple additional details it might be valuable to see (specifics of the SQL injection and how user accounts were compromised), but overall the post is clear, with a ton of specifics on some of what they are finding.

More security vendors should be open and disclose with at least this level of detail. Especially since we know many of you cover up incidents. When we are eventually breached, I will strive to disclose all the technical details.

I gave Bit9 some crap when the breach first happened (due to some of their earlier marketing), but I can’t fault how they are now opening up.