"Mozilla’s security chief said Apple should disclose more information
about the steps it takes to protect customers from malware and other
computer-born threats.
At a security conference on Monday, Window Snyder said open
communication about recently reported vulnerabilities and ongoing
processes for locking down products is a core responsibility of
security departments at every software organization. The head of
security for Mozilla’s Firefox browser then singled out Apple as a
vendor with room for improvement.
"I’m big Apple fan – I’ve got a Mac right here," Snyder said as she
gripped her MacBook while speaking at the MIS Training Institute’s IT
Security World conference in San Francisco. "But one of my big problems
with Apple is we don’t get to hear what they’re doing with security.
I’d have a lot more confidence if they would communicate that stuff."
Among developers of mainstream software, Apple’s security department
is one of the most tight-lipped. Unlike Microsoft, Mozilla and Google,
it has no blog devoted to security, and the company rarely responds to
reports about vulnerabilities found in its products. As we’ve pointed
out on more than one occasion, the company frequently fails to clearly warn end users of the necessity of promptly installing updates when patching critical security holes.
While Snyder praised much of the behind-the-scenes work of Apple’s
security professionals, she said it’s not enough that the work is
carried out in secret."
I’d have to agree. I know a lot of security people at the larger companies and by far apple is the most secretive.
Read more: http://www.theregister.co.uk/2008/09/15/snyder_calls_on_apple/
