mbapwned

Interesting article on the Forbes site today about security researcher Charlie Miller recently discovering a trove of more than 20 Mac bugs using a technique called dumb fuzzing. Charlie is a noted Apple Mac hacking specialist. A few quotes:

"When I first began saying that Macs were less secure than Windows, everyone thought I was an idiot," says Miller. "So I had to prove it again and again and again."

“…Apple devices aren't safe "right out of the box," as the company has claimed for years.”

“The results don't look good for Apple: 20 bugs in its Preview application--all of which apply to Safari as well--compared with only 3 or 4 each in Adobe Reader and Microsoft’s PowerPoint. "It's shocking that Apple didn't do this first," says Miller. "The only skill I've used here is patience."”

Read the whole Forbes article here: The Mac Hacker Strikes Again.

Of course, this is not the first time someone has written about Mac security flaws that need to be acknowledged and closed. 

Rather, it is a reminder, again, that the best security comes from layers of defense – a concept called “defense in depth” – that address security in personnel, technology and operations over the life of a software system. 

At Microsoft, over the last 6-7 years we’ve worked to “bake security in” to our software from the very beginning of the software lifecycle using a process called the Security Development Lifecycle, or SDL.  I wasn’t with Microsoft back when this all got started, but I hear it was a significant change in how we built software – and made a big improvement in the security of Microsoft software.  
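The "dumb fuzzing" in the Forbes piece is mutation-based: start from a valid file, corrupt it at random, feed it to the parser, and keep anything that crashes. Fuzzing your own parsers that way is also the kind of verification step a lifecycle process such as the SDL builds in before release. As an added example, not code from the Forbes article, from Miller, or from Microsoft, here is a minimal in-process mutation fuzzer in Python. The target is a constructed toy record format (magic `TLV1`, one count byte, then 2-byte records); the format, the seed file and the parser names `parse_buggy` and `parse_fixed` are all invented for the illustration. It shows the one distinction a harness must make (an input the parser deliberately rejects is not a bug, an unexpected exception is) and runs the same loop against a bounds-checked version of the parser to show the crashes disappear.

```python
import random
from typing import Callable, Dict, List, Tuple

MAGIC = b"TLV1"

# Constructed seed file: magic, record count = 2, then two 2-byte records.
SEED = MAGIC + bytes([2]) + b"\x01\x02\x03\x04"


class Rejected(Exception):
    """Raised when the parser deliberately refuses malformed input (expected)."""


def parse_buggy(data: bytes) -> List[Tuple[int, int]]:
    """Hypothetical parser that trusts the count byte and never checks bounds."""
    if data[:4] != MAGIC:
        raise Rejected("bad magic")
    count = data[4]                      # IndexError if the file is only 4 bytes
    records = []
    for i in range(count):
        off = 5 + 2 * i
        records.append((data[off], data[off + 1]))   # no bounds check -> IndexError
    return records


def parse_fixed(data: bytes) -> List[Tuple[int, int]]:
    """Same format, with every length derived from attacker-controlled data validated."""
    if len(data) < 5 or data[:4] != MAGIC:
        raise Rejected("bad header")
    count = data[4]
    if len(data) < 5 + 2 * count:
        raise Rejected("truncated records")
    return [(data[5 + 2 * i], data[6 + 2 * i]) for i in range(count)]


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Dumb mutation: a few random byte overwrites, bit flips or truncations."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randrange(3)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif choice == 2 and len(buf) > 1:
            del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seed: bytes,
         iterations: int, rng_seed: int = 1) -> Dict[str, List[bytes]]:
    """Run the target on mutated inputs; return crashes keyed by exception type.

    A Rejected exception is the parser doing its job and is not recorded.
    Anything else escaping the parser is an unexpected failure worth triage.
    """
    rng = random.Random(rng_seed)        # fixed seed so a run is reproducible
    crashes: Dict[str, List[bytes]] = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except Rejected:
            continue
        except Exception as exc:         # noqa: BLE001 - the whole point is to catch everything
            crashes.setdefault(type(exc).__name__, []).append(case)
    return crashes


if __name__ == "__main__":
    for name, parser in (("parse_buggy", parse_buggy), ("parse_fixed", parse_fixed)):
        found = fuzz(parser, SEED, 500)
        total = sum(len(v) for v in found.values())
        print(f"{name}: {total} crashing inputs, by type: {sorted(found)}")
        for exc_type, cases in found.items():
            print(f"  first {exc_type} case: {cases[0].hex()}")
```

Against a real target the loop body would write each case to disk and launch the application on it under a debugger, but the shape is the same: a seed, a mutator, a way to tell "rejected on purpose" from "fell over", and patience measured in iterations.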

If you’re interested in the Security Development Lifecycle, here are some resources to learn more – including how you can apply the SDL in your own software development work:

