Apple Hires Former Microsoft Researcher, Strengthens Security Team

By Ken Presti, CRN 7:34 PM EST Fri. Dec. 07, 2012

Apple has hired a security researcher who built a name at Microsoft by helping to strengthen security around the Windows operating system.

In the new role for her Cupertino, California-based employer, Kristin Paget, formerly known as Chris Paget, is expected to net similar results for Apple's OS X operating system and related product lines.

During Paget's tenure at Microsoft, a variety of security bugs that would have further impacted the Vista operating system were identified prior to launch. The launch date was subsequently delayed until those issues could be resolved.


Paget joined Apple in September, according to her LinkedIn profile, where she claims the title of Core OS Security Researcher.

The hiring is a "smart move," according to Steve Weeks, president of Netcetera, a North Vancouver, British Columbia-based channel partner. "Everybody knew that as [Apple] became more popular in the business space, people would start to attack them. I think a lot more security vendors saw that coming, so they started doing things to make sure that their products were able to support Apple. I don't think Apple is less secure than they used to be, but I do think they're a lot more on the radar of people who are trying to hack and push out viruses. They've moved into a more vulnerable space by getting into the business end of things."

Given that shift, security appears to have a higher profile at Apple than has previously been the case. The company for the first time sent representatives to address last summer's Black Hat conference in Las Vegas, but their presentation was immediately followed by a notably hasty exit.

But Paul Henry, a forensics and security expert at Lumension, suggests that Apple has a long way to go.

"Apple is trying to be an enterprise player, yet at the same time are not doing an enterprise-class job of patching things," he said. "Apple, as a company, needs to grow up."

Specifically, Henry takes issue with Apple's patch deployment, not just in terms of its own technology but also as it relates to technologies embedded into Apple's systems.

"We had an issue a few months back with three known Java vulnerabilities. But, Apple only included one of those patches in their download, so people were still exposed for quite some time. Microsoft rolled out the patches instantly, but Apple drags their feet. Apple needs to investigate what's been done by Microsoft, but Apple will never admit, or want to do, anything like Microsoft."


However, Andrew Plato, president of Anitian Enterprise Security, an Oregon-based channel partner, clearly disagrees with Henry's assessment of Apple's handling of patches.

"I don't hold Apple responsible for patching Java," he said. "That's Oracle's job. I think Apple has done a very good job of patching their system. But, Apple also has a huge benefit over Google and even Microsoft because of their tight control over their ecosystem. When Apple puts out a patch, everybody gets the patch at the same time. It does not have to go through distributors and carriers and manufacturers."

Plato asserts that Apple has solid security technologies built into their products, "but it's under the covers. You don't really see it out in the open. They're now trying to be more business-focused, and in order to do that I think their security needs to be more visible and a bit more granular."

Plato further describes Apple as a "somewhat shadowy" company. "I think any visible effort towards higher security is a good thing for them. They also need to get out in the community and quit hiding. When they were at Black Hat, they went running out the back door. They need to get out in the community and make their case, engage the security world and let people know what they're doing. If they did that, the market would have a lot more faith in them."
