The Tech Herald

Apple needs to open up says Mozilla security chief

by Steve Ragan - Sep 17 2008, 15:05

Apple needs to open up regarding security, says Mozilla security chief Window Snyder.

At the IT Security World conference on Monday, Window Snyder, the security chief at Mozilla Corp., gave a keynote on multi-layer defenses. The core news emerging from her talk is that Apple Inc., a rival only to Microsoft in operating system market share, needs to be more open about how it handles security.

Snyder is a “big” Apple fan, she says, “but one of my big problems with Apple is we don't get to hear what they're doing with security. I'd have a lot more confidence if they would communicate that stuff.”

This has always been the case with Apple, which recently released another round of security fixes for its OS X platform. A frequent complaint from reporters and security experts is that too little information is released when security problems in Apple-branded products are discussed. There are issues with how patching is handled, and some security researchers refuse to work with the company because vulnerability reports are often ignored or nothing is done about emerging issues.

In 2007, Thor Larholm, a noted security expert who discovered issues in Safari for Windows within two hours of release, made his opinions clear by saying:

“Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser...”

Apple has made some improvements in the way it talks about security. Yet, unlike Microsoft Corp., Apple does not offer security-only insight into its products, nor does it discuss processes and planning when working on new security features or services.

The sealed-lip ethos of Apple's security team is confirmed by its own wording, which states:

“For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”

The recent update to OS X addresses security issues that Apple never informed end users of ahead of time, instead opting to leave them vulnerable until the next patch cycle. Even then, users are given only the basics about the security issue, and nothing more.

“They have a real opportunity there to show the rest of the security industry what they're doing because I think they are doing good work,” said Snyder, adding that it is painful when end users have to rely on marketing to know if something is secure or not.

So, will Cupertino-based Apple open up and become more informative?

It's highly unlikely, not least because the company has made keeping secrets and building hype almost an industry standard. Why would security matters be any different?
