Apple talks up security
Published: 03 Jun 2004 13:25 BST
Beat of a different drum
Although the tech industry has guidelines that call for researchers to notify vendors of threats and then wait at least 30 days before going public, Schiller said Apple uses its own process to decide when to issue a patch, a process that takes into account Apple's assessment of the threat posed by the vulnerability.
Apple has released a partial patch, but security researchers say the OS remains vulnerable to attack.
Some of the other knocks on Apple's response to security issues also centre on the company's communications. For example, critics have called on Apple to offer more detailed information on its Web site, as well as to offer a dedicated email address for reporting bugs. But Schiller said Apple does both those things: security concerns can be sent to product-security@apple.com, and the company posts information on its Web site. But he conceded that many people don't know about those programmes and that the company could be doing a better job.
"We're actually doing a lot of the right things people want," Schiller said. "They're just not aware of it."
There are, however, additional areas where Apple differs from other OS vendors. Unlike Microsoft and Red Hat, Apple does not have a life-cycle policy that guarantees which versions of the operating system will receive patches. Schiller said Apple makes those decisions on a case-by-case basis, rating the severity of the risks and balancing that with how hard it is to update older versions.
The company has offered updates to older versions in some cases but has not always been clear about those decisions. Last October, Apple waited several days before confirming it would offer a security patch for older systems. The initial silence by the company fuelled speculation that Apple was going to leave older users unprotected.
While Microsoft has set up a separate security business unit to deal with such issues, Apple has decided not to. The responsibility falls broadly to the Mac OS X crew and other software product groups to ensure the security of their products, Schiller said. "It's everyone's job," he said. "We don't have to create a special team to solve these things... Everyone who works on software also works on security at some level or another."