Apple and its security issues it doesn’t like to acknowledge
Now I have to be careful here on how I phrase this post because we sure wouldn’t want to see a Twitter–Friendfeed real-time angry fanboy rise from the dust and inundate us with all manner of death threats – or worse. So here goes – Apple needs to wake up to its new place in the computing landscape and start to take security seriously and better response to their users.
This is the gist of thoughts of Rich Mogull, founder of security firm Securosis and a self-professed Mac user, in both a post on TidBITS and in an interview by Dan Goodin for The Register.
“Based on a variety of sources, we know that Apple does not have a formal security program, and as such fails to catch vulnerabilities that would otherwise be prevented before product releases,” writes Rich Mogull, founder of security firm Securosis and a self-described owner of seven Macs. “To address this lack, Apple should integrate secure software development into all internal development efforts.”
Source: The Register
In his TidBITS post Rich provides five points that he thinks Apple needs to address when it comes to its products and security.
- Appoint and Empower a Chief Security Officer
- Adopt a Secure Software Development Program
- Establish a Security Response Team
- Manage Vulnerabilities in Included Third Party Software
- Complete the Implementation of Anti-Exploration Technologies
Given that even six month after Sun warned of a vulnerability in the Java virtual machine Apple hasn’t seen fit to patch the hole Rich’s suggestions might be well heeded. Note that both Linux and Microsoft fixed the bug months ago.
