This is an article I’ve been thinking about for a long time. Sure, we security folks seem to love to bash Apple, but I thought it would be interesting to take a more constructive approach.
With the impending release of the next versions of both Mac OS X and the iPhone operating system, it seems a good time to evaluate how Apple could improve their security program. Rather than focusing on narrow issues of specific vulnerabilities or incidents, or offering mere criticism, I humbly present a few suggestions on how Apple can become a leader in consumer computing security over the long haul.
The short version of the suggestions are:
- Appoint and empower a CSO
- Adopt a secure software development program
- Establish a security response team
- Manage vulnerabilities in included third party software
- Complete the implementation of anti-exploitation technologies