
Apple wises up by sharing its Mac OS X Lion code with hackers - tortilla
http://venturebeat.com/2011/02/26/apple-wises-up-by-sharing-its-mac-os-x-lion-code-with-hackers/
======
pieter
It's a good thing to note here that 'code' doesn't mean 'source code'. They're
giving the security researchers free access to the same OS X seed you can get
by paying Apple $99/year.

~~~
edge17
I really don't even see how anything they gave to the security researchers
could remotely mean source code. The title's total flame bait.

------
tptacek
Contrary to what the article reports, this isn't the first time Apple has done
exactly this. It may be the first time they've been so public about it,
though.

------
lawnchair_larry
This seems like weird PR engineering to me. Everyone and their dog can get the
dev seeds for free and without an NDA if they want them. You'd run into
trouble if you disclosed something based off of a pirated/torrented seed, but
all you have to do is wait and "rediscover" it in a legit copy, or pay the $99
when you know you have a bug to sell.

There is no real-world change here, just an administrative one. It seems like
this is just about politics and is fairly inconsequential.

------
tomkarlo
"Apple could afford to put security as a lower priority for many years because
hackers always went after Windows instead."

They kind of just snuck this backhanded comment in at the end of the article.
I don't know if it's true or not, but either it's the opinion of the reporter
in an otherwise "non-opinion" article, or there should be some cited source
that has actual insight into Apple's internal history around security issues.
Otherwise, it's just unsubstantiated conjecture tacked into the end of a news
article.

------
iuguy
It wouldn't be hard for Apple to stick an NDA in to stop these guys from
releasing bug info further down the line.

Of course, I hope the guys who received the CDs are at least getting paid -
otherwise I imagine we'll see a few bugs go the other way but some may choose
to wait till the final release anyway.

~~~
tptacek
Apple is basically just offering security researchers access to the developer
seeding program. The same NDA in place for developers applies to researchers
here too: you can't disclose findings until Lion ships (technically, you can't
disclose anything you find on a seed at all).

This is obviously only fair. If you don't want the NDA, don't take the seed.

~~~
iuguy
Thanks for pointing that out, it makes a lot of sense.

It'll be interesting to see whether these guys pony up all the 0day before
release or wait until the blackhat/defcon after.

