"Month of Apple Bugs" announced
Following on the attention drawn this year by the Month of Browser Bugs (MoBB) and the Month of Kernel Bugs (MoKB), a security expert using the pseudonym LMH has announced that January of 2007 will be the "Month of Apple Bugs" (MoAB). In collaboration with Kevin Finisterre, who has already published exploits for patched security holes in Mac OS X and reported a number of weak points to Apple, LMH now plans to report a security hole in Apple products each day in January.
As with the bug reports published during the Month of Kernel Bugs, which LMH also initiated, Apple will not be informed about the security holes beforehand. LMH explains that, while not telling Apple in advance will make Macs less secure in the short term, in the long run the project will increase the security of Mac OS X. LMH told Brian Krebs, "Up to now, a lot of Mac OS X users have believed that their system is bullet-proof, and there are some people who are interested in making it seem so."
It is not yet clear whether Apple is going to do anything about the announced Month of Apple Bugs. In a similar case, David Maynor and John Ellch, who discovered security holes in Apple's WLAN drivers, have indicated that Apple told them to keep their mouths shut. Likewise, the Week of Oracle Database Bugs (WoODB) announced by Argeniss was cancelled without explanation, following some serious criticism.
2007 will be an eventful year for security experts. In addition to the announcement for the Month of Apple Bugs, security expert Stefan Esser is also thinking about organizing a Month of PHP Bugs. Recently, he left the PHP Security Response Team because, as he put it, he did not see any way of making the project more secure "from within."
- Coming in January: "Month of Apple Bugs", Brian Krebs' blog entry