Friday, February 23, 2007

Apple Works to Better Security

Via News.com Security Blog -

According to a post on the Bugtraq newsgroup, Apple has a job listing for a security expert.

The winning candidate would "help provide guidance on security topics to all groups across Apple, and help teams design security into new cutting-edge features and technologies," and also "help analyze potential security issues and work with groups across Apple for timely resolution."

Apple has come under increased scrutiny by the criminal hacker communities in the last year, and the was the target of a January's "month of Apple bugs." In 2006, it issued more Mac OS security patches than in previous years.

More telling is the requirement that the candidate "create training for development teams on security concepts and coding practices." This sounds like Bill Gates' call a few years ago for Trustworthy Computing at Microsoft.

-------------------------------------

This is good news overall, and I am glad to see that Apple is taking steps to increase the security of their coding practices. I have said that Apple could learn a few things from Microsoft and I think Robert hints toward that idea. Microsoft has been hit in the public on these exact issues in the past, but it looks like Apple is just now starting to see that.

Yes, Apple has a great security model on the OS level. But that is just one piece of the security puzzle, without secure coding practices, better communication with customers on emerging threats, and work on better internal controls instead of playing the blame card....problems will only get worse before than get better for Apple.

Sometimes Apple Fanboys forget that Apple writes software beyond OS X...and if I remember correctly Quicktime has been used in serious attacks against people on the internet.

No comments:

Post a Comment