Friday, February 13, 2009

Safari RSS Vulnerability: What Went Wrong?

Via Brian Mastenbrook's Blog -

Apple today released Security Update 2009-001 to address the security issue in Safari which I wrote about last month. Now that the patch is available, I'd like to share a bit more about the problem and why I decided to issue a warning. I'd also like to share a bit more about the security challenges Apple is facing, and how it may not be meeting those challenges.

[...]

So why did it take seven months for Apple to deliver a fix? What does this say about Apple's commitment to protecting the security of its users? Neither I nor anyone else who is not at Apple can answer these questions for certain.

------------------------------

Please read Brian's full blog, as it is packed with good insight.

I share Brian's position and have stated in numerous blogs over the last three years where the Apple Security Team has failed...they have failed at providing timely patches for open-source technology embedded in their products and in general PR of security issues.

Apple could still take a lesson or two from the other big players in the industry.

No comments:

Post a Comment