"We don't know how much of this is chest thumping" on the part of the hackers, Rachwald said. The source code tree file posted on Pastebin suggests the group has some potentially useful information related to Symantec's AV product, he said. "It is a good indicator, but not a perfect one."
Even if the group has managed to access Symantec's source code, it's unlikely to be very useful if the code is old, Rachwald said. "It might be useful in understanding what Symantec was trying to do" with its AV products, but little else, he said.
However, Symantec could face serious issues if the source code the hackers allege to have accessed is fresh, Rachwald added.
In that case, "Symantec will have to make some major changes" to its antivirus technology, Rachwald said. A mere patch would not be enough to address the issues created by a source code compromise.
"They would have to issue a whole body cast, not a patch," he said. "They will have to reissue the product in some format and that could be very problematic for them."
Competitors could also benefit from a Symantec source code leak because it would give them an unprecedented glimpse into how the software works, he said.
Rachwald said it's likely the Indian hackers obtained the source code from an Indian government server. Often, software companies such as Symantec are required to submit their source code to government bodies to prove they are not spying on the government, he said.
Sign up for Computerworld eNewsletters.