The Security Mentor

You can read more about the recent Mac OS X vulnerability at SecurityFocus. Their article is impressively accurate.

SecurityFocus quotes Apple:

In a statement issued along with the patch Friday, Apple called the hole a "theoretical vulnerability" that never placed customers at risk.

"Apple takes security very seriously and works quickly to address potential threats as we learn of them -- in this case, before there was any actual risk to our customers," said Apple's senior vice president Philip Schiller. "While no operating system can be completely immune from all security issues, Mac OS X's UNIX-based architecture has so far turned out to be much better than most."

I feel like screaming from the rooftops:

Security is not a PR problem!

"Actual risk" doesn't begin when a massive worm attack makes headlines. Apple heard about this particular vulnerability in February. Apple didn't publish a security update until someone went public with the news. For all that time the vulnerability was no more "theoretical" than a loaded pistol on the floor of a day care center. Nobody picked it up and started shooting (thank God for small favors) but that's no excuse for complacency.

Complacency trumps technology. Leaving serious bugs unfixed ruins the security advantages of OS X's Unix core.