The Tech Herald

Apple needs to open up says Mozilla security chief

by Steve Ragan - Sep 17 2008, 15:05

Apple needs to open up regarding security, says Mozilla security chief Window Snyder.

At the IT Security World conference on Monday, Window Snyder, the security chief at Mozilla Corp., gave a keynote on multi-layer defenses. The core news emerging from her talk is that Apple Inc., a rival only to Microsoft in operating system market share, needs to be more open about how it handles security.

Snyder is a “big” Apple fan, she says, “but one of my big problems with Apple is we don't get to hear what they're doing with security. I'd have a lot more confidence if they would communicate that stuff.”

This has always been the case with Apple, which recently released another round of security fixes for its OS X platform. A frequent complaint from reporters and security experts is that too little information is released when security problems in Apple-branded products are discussed. There are issues with how patching is handled, and some security researchers refuse to work with the company because vulnerability reports are often ignored or nothing is done about emerging issues.

In 2007, Thor Larholm, a noted security expert who discovered issues in Safari for Windows within two hours of release, made his opinions clear by saying:

“Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser...”

Apple has made some improvements in the way it talks about security. Yet, unlike Microsoft Corp., Apple does not offer security-only insight into its products, nor does it discuss processes and planning when working on new security features or services.

The sealed-lip ethos of Apple's security team is evident in its own wording, which states:

“For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”

The recent update to OS X addresses security issues that Apple never informed end users of ahead of time, instead opting to leave them vulnerable until the next patch cycle. Even then, users are given only the basics about the security issue, and nothing more.

“They have a real opportunity there to show the rest of the security industry what they're doing because I think they are doing good work,” said Snyder, adding that it is painful when end users have to rely on marketing to know if something is secure or not.

So, will Cupertino-based Apple open up and become more informative?

It's highly unlikely, not least because Apple has made keeping secrets and building hype almost an industry standard. Why would security matters be any different?
