...with specific respect to testing.
The GotoFail bug from 2014 was pretty egregious - all sorts of non-controversial methods could and should have caught it (checking for repeated lines of code, which should be inspected; checking for unreachable code; actually fucking testing that an invalid certificate didn't fucking work, etc.) and the speed with which Apple has turned round the fix would indicate that this is similarly sloppy and easily fixed.
There was the APFS password hint bug. https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
There was the keychain bug. http://mashable.com/2017/09/26/apple-mac-os-high-sierra-password-exploit/?utm_cid=a-seealso
Not to mention a raft of less critical but still annoying bugs - the random restart/freeze bug would not generate good cheer, for example.
(I found an interesting analysis of the APFS password hint bug, and I'll update this post when I find it again. tl;dr: it's just as idiotic as the GotoFail bug - ETA link https://objective-see.com/blog/blog_0x23.html - it's another copy/paste error)
Apple is an organisation with no excuses - it has the resources and the talent to do this properly. This is a question of management priorities. Whatever Apple says about its commitment to security is irrelevant; the facts are there for all to see.
The GotoFail bug from 2014 was pretty egregious - all sorts of non-controversial methods could and should have caught it (checking for repeated lines of code, which should be inspected; checking for unreachable code; actually fucking testing that an invalid certificate didn't fucking work, etc.) and the speed with which Apple has turned round the fix would indicate that this is similarly sloppy and easily fixed.
There was the APFS password hint bug. https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
There was the keychain bug. http://mashable.com/2017/09/26/apple-mac-os-high-sierra-password-exploit/?utm_cid=a-seealso
Not to mention a raft of less critical but still annoying bugs - the random restart/freeze bug would not generate good cheer, for example.
(I found an interesting analysis of the APFS password hint bug, and I'll update this post when I find it again. tl;dr: it's just as idiotic as the GotoFail bug - ETA link https://objective-see.com/blog/blog_0x23.html - it's another copy/paste error)
Apple is an organisation with no excuses - it has the resources and the talent to do this properly. This is a question of management priorities. Whatever Apple says about its commitment to security is irrelevant; the facts are there for all to see.