Krebs shows that Apple’s average time between receiving notice of a security bug and releasing a software update to fix it is about 90 days — quite a bit longer than the response time for most Linux distributions. He interviews Apple’s Bud Tribble about this, and Tribble reasonably argues that it takes Apple longer to release updates than most Linux distributors because Apple’s standards for updates that “just work” require more QA testing.
Krebs also (rightly) takes Apple to task for the way they under-document security fixes.
A genuinely fair and balanced look at the state of Mac OS X security, overall.
Wednesday, 3 May 2006