Linked by Thom Holwerda on Wed 20th Dec 2006 10:08 UTC
A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple's OS X or in Apple applications that run on top of it. The 'Month of Apple Bugs' project, currently slated to begin on Jan. 1, is being orchestrated in part by a security researcher who asked to be identified only by his online alias 'LMH'. This is the same researcher who in November ran the 'Month of Kernel Bugs' project. LMH's partner in this project is Kevin Finisterre, a researcher who has reported numerous bugs to Apple over the past few years. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple Bugs, LMH said.
Because they won't inform us either ...
by MacTO on Wed 20th Dec 2006 14:41 UTC

In the end, the means I don't believe justify the end. Why should innocent end users be potentially exposed to risks just because one individual feels the need to take an entire month to drag out releasing these problems, particularly when Apple are not being given prior notice?

I think that this is a useful exercise because it is a simulation of reality. Think of it this way: a hacker wouldn't think of informing users of a new exploit, and they would be causing harm. This group is simply illustrating that there are potential exploits in a dramatic way.

Why use a dramatic way to inform the public of these exploits? If this project does have a high profile in the media, and they had informed Apple beforehand and given Apple an opportunity to patch the software, Apple would end up releasing patches before the release and everyone would go through life saying, "look, no problem because Apple is fixing it promptly."

But that would be misleading because those patches take time to develop, even when they are receiving priority treatment because they are being actively profiled in the media. This way we can see how long it takes Apple to fix things when they are under the gun. We can only assume that fixes would take longer to come out when there is less pressure from projects such as this one.

In other words, by doing things in this way we get a more accurate and first-hand impression of how secure Mac OS X really is.

Reply Score: 5