Comments on: MacOS X Vulnerability Metrics: Apple vs. The World http://trailofbits.com/2008/05/29/macos-x-vulnerability-metrics-apple-vs-the-world/ 4888 C3C4 099A 4240 9648 719B 84E0 A6FE 32AE 38F6 Mon, 02 May 2011 23:50:01 +0000 hourly 1 http://wordpress.com/ By: Dino Dai Zovi http://trailofbits.com/2008/05/29/macos-x-vulnerability-metrics-apple-vs-the-world/#comment-13 Fri, 30 May 2008 05:31:44 +0000 http://trailofbits.wordpress.com/?p=14#comment-13 @ShawnM
I have heard of external researchers not being credited and other vendors have refused to credit me for reported vulnerabilities before. But it’s hard to believe that all of the unaccredited vulnerabilities are due to denied credit. Another possibility is that those bugs were discovered being exploited in the wild or from found exploits, but that also seems unlikely.

Custom security patches like PaX and GrSec for Darwin would be pretty darn cool…

]]> By: ShawnM http://trailofbits.com/2008/05/29/macos-x-vulnerability-metrics-apple-vs-the-world/#comment-12 Fri, 30 May 2008 05:12:50 +0000 http://trailofbits.wordpress.com/?p=14#comment-12 Of course, door number three is that external researchers aren’t necessarily always credited… Stranger things have happened, yesno?

Still, I think Cupertino is turning a corner. Still have a way to go but yes, it seems to me they are making an effort. That said the recent CoreSec iMail disclosure is pretty embarassing. 4 months isn’t that far off from HP / SnoSoft BITD…

/me loves shiny bits and a Bash prompt with transparent XTerms but is sticking with PaX+GrSec and $LINUX_DISTRO for now.

]]>