Slashdot Mirror
Call for Apple Security 'Czar'
conq writes "The second security non-incident to hit the Mac platform in as many weeks has been debunked. People are talking a lot about security on the Mac these days, and the result is that a great deal of FUD is being spread around. BusinessWeek's latest Byte of The Apple column suggests that its time for Apple to appoint a security Czar to get out ahead of the FUD before it spreads much more." From the article: "Creating a CSO position may be viewed by some as an admission of weakness. Still, I say it would be a good way for Apple to inoculate itself against the perception -- warranted or not -- that Mac security may be eroding, and get ahead of the curve for any troubles that may be inevitable. That may not be the case, but in matters related to product marketing, it's the public perception, not the reality that really matters. And once you've lost a user's confidence, it's hard to get it back. Just ask Microsoft."
that is funny. The reason why you can not trust MS is because they have loads of security issues. With Apple they have been overall secure. What I find funny is that a column would call for them to go through the hoops that MS does now, rather than simply staying the same course that has worked well for mainframes, other *nixs, and all the trusted systems that they gov. uses today.
I prefer the "u" in honour as it seems to be missing these days.
Especially if the appointee is a highly-visible and respected switcher to OSX from the open-source community.
If nothing else, it'll start an effective and accurate comparison of the state of security between OSX and Winodws, a feature of OSX that Apple has not stressed as much in their ads as they should.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
Jacques A. Vidrine was recently hired on (leaving Verio) and now holds a high level position in the Apple Information Security. Jacques was the former FreeBSD Security Officer
It would seem that what the author really wants is for Apple to comment on silly people doing things with Apple computers, which is the job of a marketing person. The marketing person just goes and asks someone authoritative sounding to comment, wraps that in pretty and feeds it to the public. No big deal. And that's certainly not a reason to make a security czar.
more information about the security for mac. I think the security is good enough, but (and I know I sound mental) I feel more secure on windows, because even because i might get a virus/spyware I've got pretty good at knowing how to deal with it if I get it and not get it. If I was on mac and got any security problem I'd never know and so it could run for ages...
That said i do want to migrate...
*''I can't believe it's not a hyperlink.''
Isn't appointing a czar what ineffective beauracracies do in response to a problem they don't have an answer for?
Have there been any successful czars for anything?
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
It's my understanding that thus far, Apple has been intentionally downplaying their system's security because they don't want to be seen as taunting hackers. A "security czar" might be seen by Apple as just such a misstep. The last thing they want is a guy standing up at an Apple podium exclaiming how their security is invincible, because that's one sure way to make themselves a bigger target.
I think it does affect the typical Mac user. One could easily use the recent Safari remote code execution bug to download and install this local privledge escalation bug and then use the resulting superuser privlidges to create a new superuser account on the system and shoot an email off to some hotmail address with the system's IP, the new login, and password.
This article writer for BusinessWeek doesn't seem to grasp the business role of a Chief Security Officer. The author's suggestion for a CSO doesn't come close to the job duties defined in most businesses. It would be a large waste of resources to have a CSO primarily act to "wave the flag for all things related to Mac security, debunking myths, correcting the record, and providing a public face when issues crop up."
The single Apple source the author quoted doesn't seem to grasp the role either. He "said the company would be reticent to assign security issues to any single individual, and that the responsibility of a CSO instead tends to rest with everyone." By that logic, what's the point of a CEO, COO, CFO, or any other chief-level position in the company?
IMHO, the role of a CSO is critical in big business, especially a technology company such as Apple. However, this BusinessWeek writer and the quoted Apple's VP of Software Technology apparently don't understand why. I sure hope somebody in Apple's senior management and/or in the Board of Directors does. Honestly, I'm quite surprised Apple doesn't already have a CSO, but certainly they must already have security management positions and one or more security divisions.
= jombee