Ryan Naraine has a good interview with Dino Dai Zovi, winner of last week’s MacBook Pro exploit contest at CanSecWest:
Q: Apple has been criticized in the past for not responding
appropriately to third-party findings. What has been your
experience working with them?
A: On my site, I list several vulnerabilities I’ve found and
reported to Apple and I’ve found them to be very responsive and
upfront about verifying things and giving credit. Some things are
fixed quicker than others and maybe you can say they take too long
on some things but when there are interdependencies on components
being fixed, it can be a month of two before you see a patch.