Ready Aim Fire, by karschsp

It’s now day two of WWDC, and amidst the AT&T iPhone 3G customers crying foul at the upgrade price to the 3GS, we’ve seen previews of the newest revision of the OS X series, Snow Leopard. After listening to the keynote (btw, I am not actually there, just living vicariously through the twits that are), I finally understand why Apple did a total stoner’s give-up on the name to the new OS. At first, I was a little bummed.

I mean, can’t you imagine what the Apple commercials would look like if it were code named Cougar? Rawr!

Snow Leopard is largely based on Leopard, but with several core components rewritten or enhanced to add amazing new functionality that is making my mouth water like crazy. My first computer was a Mac, the old all-in-one that had the OS loaded from the first 3.5″ diskette you put in. Total awesomeness. In high school, I discovered the greatness of Unix with my first internet account through Netcom, and then by running some Linux machines in the lab at school. Man, I hosed MANY a Linux box back in the day. After high school, I switched to PC for a while. OS 9 seemed stagnant, and at the time PCs were experiencing much more of the cool factor than Macs were.

After OS X released, I’d always wanted to get back into Mac. So I took the plunge! Now that I live in the Mac world (except for my work PC… not bitter), I am very excited to see Snow Leopard continue to grow in functionality and integration into the corporate networks we live with every day. The Exchange functionality in Mail is looking super sexy! With the new line of eco-friendly laptops being released just before the release of Snow Leopard, there is no question that we will see a swell in the growth of this platform in IT.

OS X has largely flown under the radar from a security vulnerability perspective. That’s not to say that Apple has not had to scramble to fix some serious vulnerabilities in the past, but when you look at the number of vulnerabilities in OS X over its lifespan versus, say, Windows XP, it has drawn far less attention. Also, consider that Microsoft owns anywhere from 85-90% of the PC market, depending on the data source and its margin of error. If I were a bad guy, I would target whatever gets me the biggest bang for the buck, and that is Microsoft Windows.

As Apple’s market share grows, this will change. This article from Darknet UK suggests what many in the industry have suspected: Apple is woefully unprepared and may end up becoming a victim of its own success.

Software vendors are sometimes pressured to push software out the door before they can complete security reviews. I know this because I used to write software for a company that routinely did this. Security is an afterthought in most of the development world. Instead, companies like Apple, Microsoft, and Adobe (as mentioned in the Darknet post) should put their software through the rigors of code-review technology to find as many of the vulnerabilities introduced by sloppy coding as possible BEFORE releasing the product to the world.

The Ready-Fire-Aim method is how we deal with security in software today: release it, wait for something to happen, and then fix it later on. It’s like the Dump & Chase method in hockey. You rely on your offensive players to chase down the puck on the opponent’s side, beating their defense, while using your own defense to keep the puck in the zone.

In order to move that Aim back one step to where it belongs, we need to focus on security before code is released, even to the point of delaying a release by a month in order to find and fix these vulnerabilities. The easiest vulnerabilities to fix are the ones that never make it into the final code base in the first place.

This post originally appeared on