« Real World XSS Vulnerabilities in ASP.NET Code | Main | Adobe yanks speech exposing critical 'clickjacking' vulns »

Mozilla security chief: Apple should open up

"Mozilla's security chief said Apple should disclose more information about the steps it takes to protect customers from malware and other computer-born threats.

At a security conference on Monday, Window Snyder said open communication about recently reported vulnerabilities and ongoing processes for locking down products is a core responsibility of security departments at every software organization. The head of security for Mozilla's Firefox browser then singled out Apple as a vendor with room for improvement.

"I'm big Apple fan - I've got a Mac right here," Snyder said as she gripped her MacBook while speaking at the MIS Training Institute's IT Security World conference in San Francisco. "But one of my big problems with Apple is we don't get to hear what they're doing with security. I'd have a lot more confidence if they would communicate that stuff."

Among developers of mainstream software, Apple's security department is one of the most tight-lipped. Unlike Microsoft, Mozilla and Google, it has no blog devoted to security, and the company rarely responds to reports about vulnerabilities found in its products. As we've pointed out on more than one occasion, the company frequently fails to clearly warn end users of the necessity of promptly installing updates when patching critical security holes.

While Snyder praised much of the behind-the-scenes work of Apple's security professionals, she said it's not enough that the work is carried out in secret."

I'd have to agree. I know a lot of security people at the larger companies and by far apple is the most secretive.

Read more: http://www.theregister.co.uk/2008/09/15/snyder_calls_on_apple/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!