Comments on: Resting on One’s Laurels http://www.cigital.com/justiceleague/2007/09/27/resting-on-ones-laurels/ The Cigital Software Security and Quality Blog Mon, 12 May 2008 11:35:54 +0000 http://wordpress.org/?v=2.0.11 by: Chris Rohlf http://www.cigital.com/justiceleague/2007/09/27/resting-on-ones-laurels/#comment-2734 Thu, 27 Sep 2007 22:10:12 +0000 http://www.cigital.com/justiceleague/2007/09/27/resting-on-ones-laurels/#comment-2734 "A final thought: Regardless of the actual security in OS X, what chance does Apple have of touting Leopard’s security over Vista in the market place after these events?" None whatsoever, considering many of the best security people in the world today have audited Vista's code. Apple needs to look seriously at doing the same thing. They shouldn't be singled out for their vulnerabilities because nearly every vendor is vulnerable until they pro-actively do something about it. And being proactive means hiring the right people to audit your products. When vendors refuse to acknowledge the security problem it just makes it worse. “A final thought: Regardless of the actual security in OS X, what chance does Apple have of touting Leopard’s security over Vista in the market place after these events?”

None whatsoever, considering many of the best security people in the world today have audited Vista’s code. Apple needs to look seriously at doing the same thing. They shouldn’t be singled out for their vulnerabilities because nearly every vendor is vulnerable until they pro-actively do something about it. And being proactive means hiring the right people to audit your products. When vendors refuse to acknowledge the security problem it just makes it worse.

]]>