Reader Comments (Page 1 of 1)

As a Mac user and a Masters student in computer forensics and security, this worries me a bit. From what I can gather, these researchers are aiming to find a new, unpatched security flaw in OS X every day and then publish it publicly on the internet.

Now I have no problem whatsoever with security researchers finding flaws in software, as long as they then act responsibly. The best method is known as 'responsible disclosure' - you give full details to the security team/programmers of the affected product and give them ample time to fix the bug, before providing any detailed information about the flaw. If these researchers are going to simply dump full details about these flaws on the internet and let anyone exploit them, then potentially we're going to see a lot more malware for OS X and that's not fair. Give Apple time to fix the flaws.

You could argue that by exposing OS X's flaws that it levels the playing field with Windows, but then you have to understand that there are a lot of hackers out there on the payrolls of spammers and scam artists who will keep details of any flaws they find secret so that they can be effectively exploited - that's why we see more and more 'zero-day' vulnerabilities exploited on Windows. The first Microsoft hears about them is when someone releases a virus/warm/trojan which takes advantage of them, and that's neither fair on Microsoft nor Windows users.

Let's hope that these researchers act responsibly and not put users at risk.