Comments on: Resting on One’s Laurels http://www.cigital.com/justice-league-blog/2007/09/27/resting-on-ones-laurels/ Wed, 30 Nov 2011 15:50:04 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Chris Rohlf http://www.cigital.com/justice-league-blog/2007/09/27/resting-on-ones-laurels/#comment-63 Chris Rohlf Thu, 27 Sep 2007 22:10:12 +0000 http://www.cigital.com/justiceleague/2007/09/27/resting-on-ones-laurels/#comment-63 "A final thought: Regardless of the actual security in OS X, what chance does Apple have of touting Leopard’s security over Vista in the market place after these events?" None whatsoever, considering many of the best security people in the world today have audited Vista's code. Apple needs to look seriously at doing the same thing. They shouldn't be singled out for their vulnerabilities because nearly every vendor is vulnerable until they pro-actively do something about it. And being proactive means hiring the right people to audit your products. When vendors refuse to acknowledge the security problem it just makes it worse. “A final thought: Regardless of the actual security in OS X, what chance does Apple have of touting Leopard’s security over Vista in the market place after these events?”

None whatsoever, considering many of the best security people in the world today have audited Vista’s code. Apple needs to look seriously at doing the same thing. They shouldn’t be singled out for their vulnerabilities because nearly every vendor is vulnerable until they pro-actively do something about it. And being proactive means hiring the right people to audit your products. When vendors refuse to acknowledge the security problem it just makes it worse.

]]>