[ISN] Apple security is 'struggling,' researcher says

From: InfoSec News <alerts_at_private>
Date: Wed, 10 Jun 2009 04:37:47 -0500 (CDT)

By Dan Goodin in San Francisco 
The Register
9th June 2009 00:52 GMT

A well-known security consultant says Apple is struggling to effectively 
protect its users against malware and other online threats and suggests 
executives improve by adopting a secure development lifecycle to design 
its growing roster of products.

"Based on a variety of sources, we know that Apple does not have a 
formal security program, and as such fails to catch vulnerabilities that 
would otherwise be prevented before product releases," writes Rich 
Mogull, founder of security firm Securosis and a self-described owner of 
seven Macs. "To address this lack, Apple should integrate secure 
software development into all internal development efforts."

Microsoft was among the first companies to integrate an SDL into its 
internal development routine. Under the program, products are built from 
the ground up with security in mind, so that poorly written sections of 
older code are replaced with code that can better withstand attack. It 
also subjects programs to a variety of simulated attacks. Adobe Systems 
recently beefed up the SDL program for Reader and Acrobat following 
criticism about the security of those two programs.

Mogull's suggestion was one of five he made recently to ensure the 
company is doing everything it should to safeguard its customers.


Received on Wed Jun 10 2009 - 02:37:47 PDT
