I have been in the AV industry for a while and I would say both.
AV companies have a lot of behaviour analysis/decoding/parsing done inside their code that is as important as their "static" signature set.
In fact, I would say that having access to the code and how they analyze the files/memory/etc is more valuable to a competitor (and the "bad guys") than the static signature set.
In what sense have you ever been in the AV industry? I'm not sure whether this account belongs to David or Dre, but neither of you have an AV company on your LinkedIn profiles.
I admire you for building a business on cleaning up hacked Wordpress installs (seriously), but that's not the same game that Kaspersky is playing.
AV companies have a lot of behaviour analysis/decoding/parsing done inside their code that is as important as their "static" signature set.
In fact, I would say that having access to the code and how they analyze the files/memory/etc is more valuable to a competitor (and the "bad guys") than the static signature set.