CNet Offers In-Depth Examination Of OS X Security, Apple's Communication

C Net News has published one of the best articles we have read on the site in some time. The subject of the article is security and Mac OS X, with an emphasis on Appleis track record for communicating with its customers about security issues. The article examines recent specific security issues, has comment from Phil Schiller, industry analysts, and users alike. It also offers a look at some of the Unix-related issues affecting security, and compares the security track record of Mac OS X to that of Windows. From the article:

In general, the Mac operating system has seen far fewer bugs than its Windows counterpart. But some say a recent vulnerability demonstrates that the notoriously tight-lipped company must communicate more openly on security issues and move more quickly when it comes to plugging holes.

[...]

Although the tech industry has guidelines that call for researchers to notify vendors of threats and then wait at least 30 days before going public, Schiller said Apple uses its own process to decide when to issue a patch, a process that takes into account Appleis assessment of the threat posed by the vulnerability.

Apple has released a partial patch, but security researchers say the OS remains vulnerable to attack.

Some of the other knocks on Appleis response to security issues also center on the companyis communications. For example, critics have called on Apple to offer more detailed information on its Web site, as well as to offer a dedicated e-mail address for reporting bugs. But Schiller said Apple does both those things--security concerns can be sent to [email protected], and the company posts information on its Web site. But he conceded that many people donit know about those programs and that the company could be doing a better job.

"Weire actually doing a lot of the right things people want," Schiller said. "Theyire just not aware of it."

There is much more information in the full article, and we recommend it as a very good read.