“Month of Apple Bugs” Would Stomp Smugness
The "Month of Apple Bugs" project scheduled to start off on January 1, 2007 will focus on Mac OS X. This project aims to expose and raise awareness regarding security flaws in Mac OS X that will improve future security, describes Brian Krebs' Security Fix blog in the Washington Post.
A private vulnerability analyst known by the name "LMH" was involved with the "Month of Kernel Bugs", and security researcher Kevin Finisterre will get going the "Month of Apple Bugs".
"LMH" believes that even now many users of OS X think that their system is proof to all vulnerabilities. He says while the upcoming project can make security strong at least tentatively, in the long run it will enhance OS X security for the Mac user.
At the time of the launch of "Month of Kernel Bugs" there was no warning for software vendors prior to the release of vulnerabilities. This practice has created ripples in the industry. The "Month of Apple Bugs", according to the Washington Post will run in the same fashion. Again, Apple will not get prior notice of the bugs. All the security holes will be new ones that haven't yet been made known to the public.
During the "Month of Kernel Bugs" LMH published many of the vulnerabilities in Mac OS X, but the project did not exclusively focus on Apple. Only late in November did Apple release a security update to handle some of the bugs.
The latest Apple project will be triggered to create awareness of security gaps in Apple's products and douse complacency in all quarters, Finisterre said in an e-mail.
In general Macintosh is considered more secure than Windows PC. However, many researchers are of the opinion that this reputation does not imply any superior security practices of Apple. They think the more secure Unix Kernel of Mac OS X and the less massive adoption of the product have kept back the attackers.
Earlier Cesar Cerrudo of Argeniss Information Security withdrew the "Week of Oracle Bugs" when he felt that the project could hamper the relationship between one of his customers and Oracle.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 23-12-2006