Consultant Offers Suggestions to Apple Struggling against Malware & Online Threats
Rich Mogull, founder of the security company Securosis, states that Apple is striving hard to safeguard its users from malicious software and other security threats. Mogull further says that Apple executives need to embrace a secure development lifecycle to guide the design of the company's growing list of products, as reported by TheRegister on June 9, 2009.
According to Mogull, it is evident that Apple doesn't possess a formal security program; consequently, it is unable to detect vulnerabilities that could be stopped before its products are released. To address this shortcoming, Apple should incorporate secure software development into the company's internal development process.
This suggestion is one of five that Mogull recently put forward to make sure the company is taking all necessary steps to protect its consumers.
Mogull further stated that Apple treated security as a paramount task when faced with security challenges. But he faulted the company on one point: its failure to fix a large vulnerability within Mac editions of Java that allowed cyber criminals to execute malicious code.
Understandably, Mogull's suggestions closely follow Apple's June 8, 2009 announcement of the Safari 4.0 release, which addresses over 50 security flaws inside the browser.
Another recommendation that Mogull made is that Apple should employ an executive and give him supervisory powers over the security of the company's products. This executive, called the 'chief security officer', would be accountable to consumers for Apple's security and would take charge of managing the company's security incidents as well as its new products.
The consultant also suggests that Apple should finish its task of adding technologies to OS X to prevent all forms of exploitation. According to him, although features like library randomization, sandboxing, stack protection and no-execute flags have been implemented, these implementations seem to be either incomplete or vulnerable to such an extent that their security benefits are almost eliminated.
Lastly, Mogull suggests setting up a security team that will handle interactions between Apple's employees and outside researchers reporting flaws within Apple's products, and that will tackle flaws within third-party software.
» SPAMfighter News - 12-06-2009