Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Critique of Apple's Security Stance Nothing New - But Still Worthwhile

Apple is a company that is notoriously secretive about their internal security processes and, although they have become more open about acknowledging the source of bugs reported to them when they fix them, they remain steadfastly tight-lipped at almost all other times when it comes to discussing security matters.

That isn't to say that the company doesn't keep on top of what is going in the world outside of Apple, nor engage with researchers and Information Security companies. Despite this, many still hold the impression that Apple is stand-offish and uncaring / oblivious to the bugs in their products. For some, this point of view has tainted all dealings with the company and has seen some researchers go to publicly disclose vulnerability information before notifying Apple, whereas other vendors in the same situation would have been notified ahead of a co-ordinated or a delayed public release of vulnerability data.

Articles such as this one do little to help commonly held views, especially when it is picked up and reported as Apple struggling with security, even if it isn't the complete message of the original article.

Rich Mogull puts forward a reasoned, well-thought out series of arguments in the original article, but it is nothing new. Nothing that hasn't already been put forward to Apple, both publicly and privately many times before. This doesn't mean that making these arguments is worthless.

It's not.

As Adobe has recently shown (and Microsoft some years before that), it is possible for a large software company to change how it approaches Information Security management, patch issuing, and dealing with security-concerned consumers and Information Security researchers.

Even if Apple do not change their stance based on the most recent hirings and articles published by concerned Information Security and Apple system users, continuing to highlight and publicise the importance of taking these recommended steps keeps the ideas out in the open and being turned over, ready for a time when they might be more warmly received within Apple.

11 June 2009

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.