by , 11:00 AM EDT, June 3rd, 2004
CNet News has published one of the best articles we have read on the site in some time. The subject of the article is security and Mac OS X, with an emphasis on Apple's track record for communicating with its customers about security issues. The article examines recent specific security issues, has comment from Phil Schiller, industry analysts, and users alike. It also offers a look at some of the Unix-related issues affecting security, and compares the security track record of Mac OS X to that of Windows. From the article:
In general, the Mac operating system has seen far fewer bugs than its Windows counterpart. But some say a recent vulnerability demonstrates that the notoriously tight-lipped company must communicate more openly on security issues and move more quickly when it comes to plugging holes.
[...]
Although the tech industry has guidelines that call for researchers to notify vendors of threats and then wait at least 30 days before going public, Schiller said Apple uses its own process to decide when to issue a patch, a process that takes into account Apple's assessment of the threat posed by the vulnerability.
Apple has released a partial patch, but security researchers say the OS remains vulnerable to attack.
Some of the other knocks on Apple's response to security issues also center on the company's communications. For example, critics have called on Apple to offer more detailed information on its Web site, as well as to offer a dedicated e-mail address for reporting bugs. But Schiller said Apple does both those things--security concerns can be sent to [email protected], and the company posts information on its Web site. But he conceded that many people don't know about those programs and that the company could be doing a better job.
"We're actually doing a lot of the right things people want," Schiller said. "They're just not aware of it."
There is much more information in the full article, and we recommend it as a very good read.
The article points out that Apple's track record on security is fabulous, at least when compared to Microsoft, but security is one of those things where there needs to be no confusion or unanswered questions. There are multiple reasons for that, too. For one thing, it's the right thing to do. We have seemingly antiquated ideas about doing the right thing, of course, so take that as you will.
Another reason it would behoove Apple to be very, very open about all things security related is that it would contrast the company to Big Redmond. With Windows security problems leading to billions of dollars in lost productivity around the world, and Microsoft having a deserved reputation for trying to hide all of its security issues, an up-front Apple might well be a selling point to many folks, especially in the IT market. Microsoft has definitely improved its approach to security, but there is plenty of room for Apple to do it better.
In any event, this is an issue we have been contemplating in the halls of TMO Towers, and we found the CNet article to be very timely, and good food for thought.