According to Brian Krebs' Security Fix blog in The Washington Post, the "Month of Apple Bugs" project aims to expose and raise awareness of security holes in Mac OS X, with the goal of better future security.
The project is being conducted by a researcher who uses the handle LMH, together with Kevin Finisterre, the former head of research and development at SNOSoft and the publisher of several Mac bugs.
Gartner analyst John Pescatore told SCMagazine.com that the project may force enterprises to demand better patching processes for platforms other than Windows. In addition, it proves that all operating systems, regardless of their market share, are subject to vulnerabilities and should be patched as soon as possible.
"There's nothing about Macintosh that says their code has fewer vulnerabilities than Windows," he said. "It's just that nobody has pounded on it, because even if you did and launched an attack, you wouldn't make any noise."
Researchers' attention is obviously turning to alternative platforms, as evidenced by numerous Apple security updates this year. In November, Apple fixed 31 vulnerabilities, including a fix for a dangerous wireless driver flaw that was reported by security researcher H.D. Moore in November's "Month of Kernel Bugs" project, which also included reports from LMH.
January's initiative also follows the "Month of Browser Bugs" project, led by Moore in July.
Vendors have been critical of the projects when they are not first notified of the vulnerabilities.
"It's important to emphasise that something like this is irresponsible disclosure," John Viega, McAfee's vice president and chief security architect, told SCMagazine.com. "Apple is not being given a chance to address [these bugs]. I think that's a huge detriment to their customers."
An Apple spokesperson could not be reached for comment today.
New Year's resolution? Publish a month of Mac bugs
By Dan Kaplan on Dec 20, 2006 9:07AM