Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OS X Viruses...

On Tuesday, July 30, 2002, at 06:42 , Randy B. Singer wrote:

All that is necessary would be to inform Apple (privately) about any
potential security breach. It is in Apple's best interest to fix any
potential security hole, if one exists. I'm an attorney and I can tell
you that allowing such a security hole to exist after being informed of
it presents a huge potential liability problem for a software company
such as Apple. Informing them privately should be all that one needs to
do.

(Of course, if they then refused to remedy the situation, publicizing it
might then be a good idea. But even in that instance it would be a
totally asinine act to publish example code.)

The Software Update "hole" was a good example. If they had followed the channels you suggest then we'd still be waiting on a fix. As it was publicised, Apple had a fix within the week. With the exception of publicly known vulnerabilities, how many problems has Apple fixed within a week?

It doesn't matter if you're an attorney or not, disclosure is the way the world, and that means the Internet, works. In a lot of cases there is private disclosure to the company with the "threat" that in a certain amount of time it becomes public - that's the way CERT works.

Look at the amount of mistrust heaped at Microsoft because they have offered bonuses to companies if they DO NOT publicly disclose vulnerabilities. Others have described this as Redmond threatening sanctions against their partners who DO disclose.

Anyway, this is off track for user groups. We should be there to assure our members and inform them, not argue the nitty gritty between ourselves.

--
Eve succumbed to the temptation of the Apple.
_______________________________________________
augd mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/augd
Do not post admin requests to the list. They will be ignored.
References: 
 >Re: OS X Viruses... (From: "Randy B. Singer" <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.