Posted by: Anonymous Coward
on August 09, 2006 06:56 AM
Nope, you clearly have no understanding of information security, and I'm damned glad that people with the attitude that you've presented here aren't working for my company.
Vulnerability disclosure is a very important thing, and sadly, corporations who purvey closed source are notorious about *not* disclosing vulnerabilities when they know about them. I also used to work for Microsoft years ago, so I saw this first-hand (remember the original WordBasic Concept Virus and what happened to that guy?).
Joe Barr is absolutely correct here. Apple isn't being "singled out" any more than Microsoft or Cisco are "singled out" when they hide vulnerabilities and get caught pressuring others to do the same. But given the corporate track record, I don't doubt for even a second that Apple 1.) was advised about this, and 2.) chose to play hush-hush. I'm sure that Microsoft would've done the same thing if ISS had advised them.
Even *you* admit that at least ISS told them about it. They should've come up with a patch *RIGHT AWAY*, not wait a month and a half. When security vulnerabilities are discovered in open source software, they're generally fixed *THAT DAY*, not a month and a half (or more) later. That's proof right there that Apple could've fixed it, at least for their platform.
Had this vulnerability been fully disclosed, you can bet that all the Linux distros out there, as well as Free/Net/OpenBSD, would've had patches within hours. Unfortunately, it was not fully disclosed. Shame on Apple for pressuring those security analysts; Apple's just as bad as Microsoft and Cisco.
No, *you* must be joking...or an Apple employee
Right on, Joe!