For a security product, like an anti-virus software, does it make sense to restrict the scope for a release?

For example, can we say that we will support detection of viruses in Word, but not in Excel for release 6?

I am assuming you would have to define scope based on possible vulnerabilities. So if there is high vulnerability in *any* application, you would need to address it? You can decide to ignore the smaller vulnerabilities?

Would it be right to say that for security products you can't arbitrarily reduce scope (unlike other products)


- Nilanjan