Apple, Security, And Disturbing QuestionsApple, Security, And Disturbing Questions
Troubling questions are being raised by one of the few meaningful <a href="http://www.informationweek.com/news/showArticle.jhtml?articleID=180205633">security issues</a> to impact Apple. As <em>InformationWeek</em>'s Larry Greenemeier points out in a <a href="http://www.informationweek.com/blog/main/archives/2006/02/a_club_apple_wa.html">blog entry</a>, "Some say the security research community is more dangerous than the hackers they warn against" because Mac exploits are being placed directly o
February 28, 2006
Troubling questions are being raised by one of the few meaningful security issues to impact Apple. As InformationWeek's Larry Greenemeier points out in a blog entry, "Some say the security research community is more dangerous than the hackers they warn against" because Mac exploits are being placed directly on the Web soon after the vulnerabilities are discovered. He quotes a security expert as saying that advisories sometimes serve as more of a publicity machine for the issuers than as a service to IT organizations.Meanwhile, analyst Rob Enderle--one of the IT industry's chief pot stirrers--asserts that the security vendor community is, in effect, feeding itself with all the warnings it issues, Apple merely being the latest example. "By telling people about an exposure, you're telling someone else how to [exploit] it. I think security companies should spend more time catching criminals than telling them how to become one," the ever-provocative Enderle says. His view is, in turn, dismissed by Gartner security expert John Pescatore as so much old news. But if security vendors didn't derive at least some benefit from all the publicity surrounding vulnerabilities, they'd be far less proactive in dishing out the information, advice, and expertise every time a new one comes to light.
So all the disclosure of vulnerabilities that's come about in recent years does raise a legitimate issue of whether the availability of too much information--from researchers, vendors, blogs, and news stories by swarming journalists--only makes matters worse. What's your view? Would corporate (and personal) IT security be better served if researchers and vendors weren't so trigger-happy with the bulletins and reports? Or do we need all that information to keep even a half step ahead of the hackers? Weigh in at the comments field below, or respond to our poll.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023