It seems that Apple has gotten embroiled in a security scandal of one sort or another every few months.
It dodged Heartbleed but was hit by the very embarrassing ‘goto fail’ bug. It was called out for not adequately documenting the uses of diagnostic tools that could have been used to collect data from user devices. Late last year researchers showed off a method for siphoning data via the charging port of iOS devices. A year ago a researcher went public with a method for accessing Apple IDs of developers after he says he got no response from Apple. And then there was this week’s celebrity photo hack, which may have been able to be prevented by making iCloud backups more secure.
In each of these cases, Apple fixed vulnerabilities, released support notes or patched bugs. But in almost all cases, and many others over the years, the company was as opaque as possible about explaining the details of security issues, reluctant to admit to them publicly and very unresponsive to independent security researchers. That leads to misunderstandings and FUD about the extent of the problems and the risks involved for users.
This needs to change or it will continue to happen.
Apple as a company has shown to have deep concern for the privacy of its users. It very frequently goes against common business wisdom to protect user information from third parties. One example of this is Apple refusing to share subscriber info with the publishers of iPad magazines. Apple sources, including both past and present employees, have never shared any information with me that indicates that Apple is interested in anything less than complete user privacy.
But though the company appears on many levels to have the best interests of users at heart, it does not appear to be expending the same kind of deep, detail-oriented effort on security as it is famous for in many other product areas. Apple will obsess over the degree of chamfer on a button, but somehow shoots itself in the foot with silly security mistakes over and over again.
This article has been extracted from http://www.techcrunch.com/, please click on this link to read the article in full http://www.techcrunch.com/2014/09/02/why-apple-should-be-more-transparent-about-security/
Montash is a multi-award winning, global technology recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:
ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.
With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.