Apple wises up by sharing its Mac OS X Lion code with hackers

Apple has taken the unusual step of sharing a copy of its Mac OS X Lion operating system with external security researchers, some of whom have published vulnerabilities with past Mac software.

That’s pretty progressive thinking for Apple, which has previously kept mum about cooperating with security researchers, also known as hackers, who have from time to time caused the company embarrassment by breaking the security of its systems and then telling the world about it. In this case, the company is seeking feedback from the hackers in advance so that it can patch any holes in the security of the operating system before it is released. If it’s true, that’s a big step because it means that Apple is willing to trust the hackers with its code.

“I wanted to let you know that I’ve requested that you be invited to the pre-release seed of Mac OS X Lion, and you should receive an invitation soon,” said a letter sent by Apple to an unknown number of security researchers. “As you have reported Mac OS X security issues in the past, I thought that you might be interested in taking a look at this. It contains several improvements in the area of security countermeasures.”

Dino Dai Zovi (pictured on left) and several other researchers tweeted about being invited to try out Lion. Charlie Miller (pictured on right), another security researcher, told Cnet that Apple has never reached out to security researchers in this way. If the researchers sign a non-disclosure agreement with Apple, they won’t be able to talk about what they find until the product is released. That muzzles any criticism until Apple has time to fix any flaws.

“At least security crosses their mind now,” Miller said.

Both Dai Zovi and Miller are authors of the book The Mac Hacker’s Handbook and have become famous over the years for breaking the security on Apple’s products.

You know that Apple wasn’t happy about that book. But it is very common for big companies to hire people like Miller and Dai Zovi to undertake “penetration testing,” where the company sanctions them to break the company’s security so that it can be improved. The Linux operating system is constantly improved through the open-source process. But Apple has operated more as a closed company when it comes to security matters. Apple could afford to put security as a lower priority for many years because hackers always went after Windows instead. But now that Apple’s products are more popular, it is becoming a target.
