Apple does too. Ever read the security vulnerabilities for the "Credit" line? Look how many say "Apple". A bunch.
Perhaps they just aren't looking the same places as Charlie. That's all. You know, they only have access to the multiple millions lines of code they maintain for all their products... J On Mar 27, 2010, at 7:58 AM, Larry Seltzer wrote: > I wrote about this myself a little while ago: > http://blogs.pcmag.com/securitywatch/2009/12/does_microsoft_look_for_vul > ner.php > > Microsoft puts a lot of effort into security research for products under > development. But once the product ships they stop looking. Alex Sotirov > pointed out that Microsoft's customers, by paying iDefense and > TippingPoint and the like, end up paying for research Microsoft should > be doing. Perhaps Microsoft is also a customer of these companies, I > don't know. > > LJS > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Juha-Matti Laurio > Sent: Saturday, March 27, 2010 7:24 AM > To: [email protected] > Subject: [funsec] Miller, Pwn2Own's winner tells Apple, Microsoft to > find their own bugs > > http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Appl > e_Microsoft_to_find_their_own_bugs > > "The only researcher to "three-peat" at the Pwn2Own hacking contest said > today that security is > such a "broken record" that he won't hand over 20 vulnerabilities he's > found in Apple's, > Adobe's and Microsoft's software. > > Instead Charlie Miller will show the vendors how to find the bugs > themselves. > > Miller, who yesterday exploited Safari on a MacBook Pro notebook running > Snow Leopard to win $10,000 in the hacking challenge, > said he's tired of the lack of progress in security. "We find a bug, > they patch it," said Miller. > "We find another bug, they patch it. That doesn't improve the security > of the product." > > Juha-Matti > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. -- Joel Esler http://blog.joelesler.net _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
