Apple hires ex-Mozilla security chief
Window Snyder, ex-senior security strategist at Microsoft and from late 2006 to late 2008 head of security at the Mozilla Foundation, is joining Apple as senior security product manager. Snyder's experience could help Apple deal with security problems on a range of fronts.
Back in mid-2009, security specialist Rich Mogull called for Apple to pay greater attention to security, including creating a security response team to deal with reports of vulnerabilities in previously released software. Because many Apple projects are based on open source software, it is, according to Mogull, especially important to keep an eye on the security status of these projects and to have a rapid response.
Apple has always tended to be a little behind the game when it comes to closing holes in the software it uses – frequently even in its own in-house WebKit. Major vulnerabilities are regularly found in the Safari web browser. Security services provider TippingPoint's Zero Day Initiative currently lists seven critical, as-yet-unpublished security vulnerabilities in Apple software, all of which, according to US media reports, are in Safari.
Apple did, however, introduce a range of improvements to its operating system with the release of Snow Leopard, reacting to criticism of its poor security. Whilst the winner of the 2009 Pwn2Own hacker contest describes the hurdles to hacking Mac OS X as low ("Writing exploits for Vista is hard work, writing exploits for Mac is fun"), the introduction of address space layout randomisation (ASLR) and data execution prevention (DEP) will pose greater problems for attackers.
Under Snyder's stewardship, the Mozilla Foundation began to introduce a better model for measuring the security of its Firefox browser. At Microsoft, she was involved in developing Windows Server 2003 and Windows XP Service Pack 2. She was also responsible for links between consultants and the Microsoft product team and between her company and security companies and researchers.