Apple has offered preview looks at Mac OS X 10.7 (“Lion”) to Charlie Miller, Dino Dai Zovi, and other security experts. They aren’t discussing details of the upcoming major update because of the NDAs required to download Apple’s preview, but they did publicly acknowledge that Apple has reached out to them, a major change for the company.
In a tweet, Dino Dai Zovi, co-author with Charlie Miller of The Mac Hacker’s Handbook (2009), said, “Apple has invited me to look at the Lion developer preview. I won’t be able to comment on it until its release, but hooray for free access!”
In an e-mail interview with CNet, Charlie Miller said, “As far as I know they have never reached out to security researchers in this way. Also, we won’t have to pay for it like everybody else. It’s not hiring us to do pen-tests of it, but at least it’s not total isolation anymore, and at least security crosses their mind now.”
CNet also published the e-mail invitation Apple sent to Messrs. Miller, Dai Zovi, and other unnamed researchers, which read:
“I wanted to let you know that I’ve requested that you be invited to the prerelease seed of Mac OS X Lion, and you should receive an invitation soon. As you have reported Mac OS X security issues in the past, I thought that you might be interested in taking a look at this. It contains several improvements in the area of security countermeasures.”
Apple has had a hit-and-miss relationship with security researchers in the past, and the company has come under heavy criticism from vocal members of the hacker community like Charlie Miller. Apple’s policy of secrecy has included not acknowledging reports from researchers and other practices that irk the research community.
Reaching out ahead of a major release to ask for feedback is a fairly significant shift for Apple, at least on the surface.