This is where the whole security by obscurity thing really comes into play…
MacWorld is starting, and concurrent with it comes a beautiful stepchild – the Month of Apple Bugs. People are finding bugs in OS X, and others are busy fixing them. That’s great, but you can never make everyone happy – some are questioning the concept of telling the world about the security issues before notifying Apple.
“In the long term, this project is making OS X more secure,” said Gus Mueller, a developer who sells his software through his company Flying Meat. “However, in the short term, these bugs, once shown, can be used destructively.”
So hackers are going to run out and build new exploits, then co-opt their zombie networks for the purpose of capitalizing? Is that what someone is suggesting?
First, that process would be like trying to find a needle in a haystack – Apple computers still make up a small percentage of installs worldwide. Then, you have to target a handful of slightly obscure exploits. If you’re the miscreant, you get started, but have to race Landon Fuller & Co. while they are fixing the exploits. All the while, you are hoping every Apple employee is at MacWorld (i.e., nobody at Apple is paying attention to the finds or the fixes).
An unlikely scenario.
Meanwhile, I don’t hear anyone at Apple bitching about this. For those in their security department (if they have one), it should be a party. They’ve got others doing their job for them!