[Cryptography] best practices considered bad term
Ralph Holz
ralph-cryptometzger at ralphholz.de
Sat Feb 7 20:52:59 EST 2015
Hi Ian,
I find your argument intriguing, but it is not supported yet by
evidence, and there may be different interpretations of the same
statistics. I am not saying you are wrong, but having actual data to
support that would be great - this is probably an area for qualitative
analysis followed by quantitative:
> I'm not so sure. If you look at the 2000s, Apple shipped gear that was
> remarkably free from bugs and attacks. Their security bug list was in
> the 3 figures whereas Microsoft was in the 5 figures. I suspect that is
> still the case, although I don't track it.
This may also be an artefact of inaccurate reporting of bugs, e.g. due
to a security team that was too small. It may also be an artefact of not
enough people outside poking the software.
> Now, here's the sell: Over the 2000s, people drained out of the
> Microsoft world to the Apple Mac OSX world pretty consistently. At the
> start, Apple was tiny. At the end, the biggest.
>
> And -- my hypothesis -- they did that in significant part because the
> Mac OSX product was more secure. By this I mean, no requirement to run
> virus scanners, and until the last few years, very little update and change
> requirement. Which meant more time and more $$$ in users' pockets.
I cannot recall any colleague who gave security as the first argument
for a switch to OS X. It was almost always the convenience of the OS,
plus the coupling to other devices. Sure, this is not a representative
sample - but it makes me ask for some real data.
> I'd say, *in the long run*, Apple beat Microsoft on software security.
> It helped that their hardware was good too, and that they had the sense
> to aim for the premium price range. By that, I mean Jobs took the long
> view, a decade. Wouldn't fly in other circumstances of course.
Given that Microsoft has a good development lifecycle in place, this
makes me ask for data even more so. :)
Ralph