On 1/04/12 03:21 AM, Kevin Chadwick wrote:
On Sat, 31 Mar 2012 20:28:14 +1100
ianG wrote:
"However, unlike [their competition], Apple promises its service to be
highly secure and reliable."
And they will achieve that.
On what basis do you believe that,
Because I can see their business mind, and how they integrate it into
the product. The business model drives the product, not the other way
around. Consider it top-down not bottom-up. The problem with bottom-up
designs is that you can't see far enough up the pyramid to see what it
is you are supporting. But you have a lot of fun building great
supporting building blocks, so you carry on :)
(I'll leave aside the problems with top-down :)
just transport security.
If you've got transport security, you've got nothing.
Transport security is an old idea going back to the days of ISO's 7
layer model. Layer 5, from memory. It's a building block approach -
"and now we add the security module and our job is done." Curiously,
security layering was one of the bad ideas that the Internet didn't
eliminate. Much to our cost.
I have a solution for this and Apple and Google are way off anything
that would make me choose to use it.
Well, ok. I understand that you don't want to simply copy them. And
you probably can't - you have a different resource mix.
But, they are the competition - so they deserve comparison if not copying.
A simplistic comparison here was code reviews. Apple makes it "safe" by
doing reviews of code. They also create barriers to get in. If you
muck up you're kicked out - that's a punishment, you lose all your input
costs.
My question was, what happens when an app goes postal? Well, Apple have
an answer.
iang
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
