03/09/2006, 6:05pm, EST
Thursday, March 9th
BW: Apple should hire security czar
"And when something does go wrong -- and I think eventually something will -- he or she would be Apple's ombuds officer evaluating what failed, where, when and how, and then take responsibility for seeing that it's fixed, reporting on the matter to CEO Steve Jobs, Apple's board of directors, and (where appropriate) its shareholders and customers," the columnist wrote.
While Apple VP of software technology Bud Tribble called the suggestion a "good idea," he said that Apple's approach was different -- that the company was hesitant to assign the responsibility of security to a single person, instead distributing the responsibility to all involved.
"For pretty much all the senior people at Apple, security is one of the top jobs on their list," Tribble told BusinessWeek. "When we think about security and how we design software, the basic approach is to make it as secure as possible, because most people really aren't security experts. We try to make sure things are pretty well locked down out of the box."
Hesseldahl also said that a large-scale, widespread incident on the Mac "could badly wound Apple's reputation."
Filed under: Apple
Do people who listen to BusinessWeek's advice actually stay in business long? Apple already has a public relations department fer cripessake.
ROFLMAO.
So I suppose it's going to be a major security issue now because Apple doesn't have a "security czar." Since it is obviously difficult to pose an actual real-world security threat to Mac OS X itself, the focus is now shifting to Apple's personnel in charge of security. The article implies that because Apple does not have a so-called "security czar," it does not place a high priority on security, which is proven wrong by its product, Mac OS X.
Apple already has a public relations department fer cripessake.
The point of a czar is to have a one-person point of contact to handle all things security. When CERT finds a security flaw in Apache, say, and wants to find out if OS X is susceptible, are they supposed to call a PR person? Yeah, like a marketing type is going to know details on these kinds of things.
Hell, that's just like listening to the PR people about what features a new Mac is going to have.
As for Apple having a high priority on security, just because OS X seems stable and secure does NOT mean the company puts security on the forefront. It just means no one's finding security holes.
The way to look at how a company cares about security is to see how they react to a problem, not how many problems they have. So let's look at the latest issue. The wonderful Safari opens a script error. This was made public at some point, and Apple went over a week without even admitting that a problem existed. WTF is that? No "Hey, there's a problem, we're working on a fix. For the time being, do this..." Nope, Apple doesn't do that. In fact, if you look at a lot of security advisories from third parties, there's usually a long list of platforms and who's affected and not. And where OS X is listed, it usually says something like "Unknown" or "No response".
So, Apple's apparent position is "No comment". Yeah, that's a company that cares.