IBM: Apple Crumble @ Blackhat


In addition to my previous blog post: http://blogs.technet.com/ms_schweiz_security_blog/archive/2008/03/29/black-hat-who-patches-security-holes-faster-microsoft-or-apple.aspx


From IBM Internet Security Systems:
http://blogs.iss.net/archive/AppleCrumble.html


The highlight of the day was the presentation given by Stefan Frei and Bernard Tellenback titled “0-day Patch – Exposing Vendors (In)Security Performance” covering their analysis of several years of vulnerability disclosures and patching processes from various vendors, and a detailed dissection of Apple’s and Microsoft’s performance. 


In essence, with their “0-day Patch” metrics, they managed to show just how far Apple is trailing Microsoft in security patch responsiveness – in fact, after inspecting their graphs, Apple appears to be trending entirely in the wrong direction; more vulnerabilities, longer patching times, more 0-days, etc. – not the sort of thing we expect from a well known software vendor.


Not entirely unrelated to this: Gone in 2 minutes: Mac gets hacked first in contest
It may be the quickest $10,000 Charlie Miller ever earned. He took the first of three laptop computers — and a $10,000 cash prize — Thursday after breaking into a MacBook Air at the CanSecWest security conference’s PWN 2 OWN hacking contest.


Urs


 

Comments (1)