Thursday, June 14, 2007

Why doesn't Apple do basic security testing?

Glenn Fleishman, writing for TidBITS, asks a simple question ...

TidBITS: Apple Updates Windows Safari Beta with Security Fixes

... It's disturbing that Apple isn't stress testing its public beta software with the same kind of readily available tools for fuzzing that both researchers and the nefarious have. Many of the Month of Apple Bugs flaws (see "MoAB Is My Washpot," 2007-02-19), as well as many recent AirPort and AirPort Extreme problems, were discovered through fuzzing.

We all know Apple treats early adopters as alpha testers, but Fleishman is making a more important point. Apple is releasing products, including OS X 10.4, that evidently haven't withstood even basic attacks using off-the-shelf hacking tools.

In a reasonable world, that would be product negligence, and there would be rabid lawyers ringing Cupertino. It's the 21st century, Apple. You need to do much, much better.

