• On MovieTome: TRANSFORMERS 2 SPOILERS!
August 4, 2008 8:07 AM PDT

Apple's security through obscurity policy at Black Hat

Posted by Matt Asay

Apple makes beautiful products, but don't try looking under the hood to see how secure they are. I'm a huge Apple fan, but I found this news that two presentations on Apple's security were pulled from the annual Black Hat conference.

One was a presentation by Apple employees on the company's security policies. On that one, it's shocking that the employees were planning to speak at all, as Apple is very tight-lipped about anyone within the company speaking publicly.

But the other, as the Slashdot commentary highlights, was to discuss problems with Apple's FileVault encryption system. This sort of public discussion is critical to helping to resolve security issues, especially with Apple recently found to have the most security vulnerabilities by an IBM research team. Security through obscurity doesn't work.

As Apple (thankfully) becomes a bigger force in the market, it needs to ensure its security is top-notch. Its architecture and Unix underpinnings already give it a headstart, but working through potential security problems in a transparent manner would help further.

Yes, Apple is skittish about any public disclosure. But security is one area that it can't afford to keep its cards too close to its vest.

Click here for full coverage of Black Hat 2008.

Matt Asay is general manager of the Americas and vice president of business development at Alfresco, and has nearly a decade of operational experience with commercial open source and regularly speaks and publishes on open-source business strategy. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.
Topics:

Industry news,

Apple

Tags:

Apple,

security,

Black Hat

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from The Open Road
The BBC urged to become UK's "open-source media platform"
Microsoft boosts revenue through licensing complexity
Red Hat CEO: The secret to open-source success is "iteration"
Call for Papers for Open Source Business Conference is now live
Marc Fleury's OpenRemote gets into databases with Beehive
Add a Comment (Log in or register) 3 comments
by The_Decider August 4, 2008 10:47 AM PDT
Well, if FileVault has exploitable issues than attackers will be more than happy to find it and exploit it.

As MS has proved time and time again, black box "security" is no security at all.
Reply to this comment
by Seaspray0 August 4, 2008 11:48 AM PDT
Apple rhetoric has always been "don't acknowledge any security flaws and then they won't exist. Only the other guys have security flaws." Yea, right... "especially with Apple recently found to have the most security vulnerabilities by an IBM research team." Decider will be happy to deny any kind of security vulnerability. So, are you going to listen to the fanboys or are you going to take the steps needed to protect your computer? The truth: there is no such thing as a totaly secure operating system.
Reply to this comment View reply
Powered by Jive Software
advertisement

About The Open Road

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to the Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is general manager of the Americas division and vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.

Add this feed to your online news reader

The Open Road topics

Featured blogs

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET