Good column by Bill Thompson…
Different calculations apply when it comes to dealing with people who already use its products, where Apple’s unwillingness to divulge details of security flaws or even the specifics of how flaws are fixed leaves customers confused, ignorant and possibly exposed to attacks that could be avoided.
Patches are simply distributed through Software Update, with little detail about the problems they address or the changes they make, and discussion of security is severely restricted.
We have seen this recently, as two Apple-related talks at the 2008 Black Hat hacker convention were pulled at short notice. A discussion of flaws in the Mac OS disk encryption system FileVault by Charles Edge was withdrawn because he has signed confidentiality agreements with Apple…