Here's what a selection of security experts had to say about Apple's first-ever appearance at Black Hat -- what they were looking for and what they walked away with.
Gunter Ollmann, vice president of research at Damballa, an Atlanta-based security vendor: "Apple has added some very visible people to their security team. When you start hiring that caliber of people, the expectation is that they will interact and communicate with the rest of the security community."
Chris Wysopal, aka "Weld Pond," CTO at Veracode and a noted security expert: "Everyone was disappointed because there was not one bit of new information. Black Hat is where you introduce new information, and you would think they would have taken advantage of that opportunity. You have to wonder, what was the point?"
Eugene Kaspersky, founder and CEO, Kaspersky Lab: "We were very pleased to see Apple make its debut at Black Hat in 2012 -- it is certainly an example of the company taking a step in the right direction. There's no doubt that the sentiments shared during Dallas De Atley's Black Hat presentation are valid. But the truth is that security cannot be fully addressed by the design and architecture of a product or platform alone. And it is this thinking where Apple is coming up short. Continuous improvements and fast reaction times are crucial to maintaining security for Apple users. We hope to see Apple put a more concentrated effort on working with security researchers and at minimum increasing communication with the security community."
Charlie Miller, principal research consultant for Accuvant Labs, who was hired by Twitter earlier this month in an as-yet unspecified role: "It would have been good to hear them say, 'Here is where we're going next with iOS, and here is how we are going to lock it down some more in the next version.' "
PUBLISHED SEPT. 24, 2012
