Apple lags MS in security response
Fear of a Black Hat
Posted in Enterprise Security, 31st March 2008 09:16 GMT
Apple is trailing way behind Microsoft in security patch responsiveness, according to a study by security researchers.
Stefan Frei and Bernard Tellenback of the Computer Engineering and Networks Laboratory (TIK) at the Swiss Federal Institute of Technology analysed several years of vulnerability disclosures and patching processes from various vendors.
They found that Apple is getting worse at dealing with security problems while Microsoft is improving. Apple is experiencing more vulnerabilities, longer patching times, and more attacks on unpatched vulnerabilities, according to the duo.
Frei and Tellenback presented their findings in a talk entitled 0-day Patch – Exposing Vendors (In)Security Performance at last week's Black Hat conference in Amsterdam. A copy of the presentation can be found here.
Colleagues of the duo reckon Apple's antagonistic attitude towards security researchers is one of the reasons for its poor response.
"While I think that there are quite a few reasons why this is probably so, I’d be inclined to say that Apple’s biggest problem appears to be that they treat every new vulnerability as a potential PR disaster rather than an opportunity to visibly reinforce their work in securing their customers," writes Gunter Ollman of IBM's X-Force.
"In recent times this has most critically been reflected in the way Apple works with security researchers." ®
