Month of Apple Bugs

[juco]

Hope this hasn't been posted.

What does everyone make of this ongoing project to unleash all those Apple bugs? Helpful? Making us more vulnerable?

I discovered it from this BBC article.

The project page I believe is found here. Listing the bugs they've found so far, Q&A and more.

I also find it strange how Apple have not yet commented on it, as far as I can see anywhere. I hope they pluck up their ideas and start making some official fixes.

 

[Jem]

I think it's quite helpful, kinda wakes people up BUT I'm at a loss as to what they think they'll gain by revealing bugs in applications that aren't Mac specific OR written by Apple OR even commercial product.

The first bug was in Quicktime, ok it exists on both Windows and OS X versions AND it's written by Apple so fair enough.

The second bug is in VLC - not only is this not written by Apple, it's also cross-platform (and the bug is on both platforms) and better than that, VLC is a FREE piece of software so what on earth is the point in releasing this one? Is it simply an admission that they can't find an Apple bug worth crowing about? I could write a piece of software that's full of bugs, stick it on a website for free download and the MOAB guys would come over all smug when they find it's rubbish but would anyone care?

And todays exploit is actually beyond me. Maybe I'm reading this wrong but it seems to require Windows 2000 SP4 and an already-patched vulnerability to manage to exploit a loophole in Quicktime - so is this QT for Windows only? Can it be actively exploited "in the wild"? It also appears to be an extension of a pre-disclosed vulnerability so doesn't appear to be a "new" issue.

It's an interesting idea, I just think it needs a bit of quality control...

 

[yogi]

It's necessary. Better start now than later, and it gives an idea of the big picture Apple is facing, and a comparison possibility towards Windows.

 

[caribiner23]

I view it as a real positive thing.

If these people uncover real issues, Apple gets the opportunity to fix them. If they come up with things that are out of Apple's control, it will cause the vendors to take notice of their own flaws and fix them. If they come up with unimportant things defined as "flaws" it merely proves what a robust platform the Mac is.

It's good all around.

 

[yogi]

There was some commotion about the project's credibility on digg. I gave my thoughts in response to one blogger in my own blog (see signature).

 

[PowerBookG4]

I think its a good idea, this project has been done on other platforms but they have told the company before they released their information. However, they are not doing it on this particular run. Apple is going to have to be right on top of this in order to keep us all safe so that it doesn't affect us for a long period of time. It is good though that they will find the holes in the os and other problems with security and the like so that hackers don't find it and it goes unnoticed giving us all problems.

 

[traded]

I agree with the general idea but I think they put themselves in an unnecessarily difficult position of having to find an issue daily. This has and probably will result in meaningless issue discoveries. Who cares if they find one each and every day, i would rather they find a couple of true, exploitable in the wild (to use Jem's term), flaws.
It seems forced to me.
-d