Friday, September 19, 2008

Apple security - not ready for corporate use

Apple's security fix process is a little, shall we say, not insanely great:
On September 9th, security teams met, reviewed the updates, set priorities and assigned resources. Remember that unlike other vendors, Apple did not provide any advanced notification on timing or the magnitude of the updates. This update caught everyone off guard. Then again, without notice, security teams were brought back to the meeting room to discuss the updates on September 12th (repeat drill above). Then yes, you guessed it, same story again on September 15th and again on the16th. Who knows, maybe by the time this is published, there will be another update?
Microsoft thought long and hard before shifting all security patch releases to "Patch Tuesday." Apple is still releasing willy-nilly, which makes it very hard for corporate IT staffs to plan their update workload. As Apple finds itself releasing almost as many security patches as Microsoft (maybe more this month), it's starting to look like it's more expensive to manage OS X than Windows.

If security's your thing, then RTWT.

Via ZDNet's Zero Day security blog, which is new addition to the blogroll.

No comments: