SECURITY ENGINEERS at the Cupertino fruit company have cancelled their planned session at this week's Black Hat security convention in Las Vegas.

In what would have been a first for Apple, members of its security response team had been scheduled to talk about how it handles security threats and vulnerabilities in Mac OSX and other Apple software. They were expected to declare that Apple takes security seriously and outline how it adds additional layers on top of the OSX Unix base to keep customers secure.

Jobs' Mob doesn't interact much with the rest of the computing security community and has a reputation for lacking openness about its security practices, an approach for which it has been criticised by other security researchers.

Apple was noticably tardy in releasing its patch for the DNS cache poisoning vulnerability recently discovered by Dan Kaminsky. And the company apparently blew its fix to the DNS flaw, according to a researcher at SANS Internet Storm Center.

Apple pulled its session virtually at the last minute, Black Hat director Jeff Moss said Friday in an interview with Computerworld.

Moss said, "Marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval."

He declined to reveal who from Apple was scheduled to speak at the conference, saying that naming the individuals could jeopardise their jobs.

By being so obsessive about the company's precious image that it barred its employees from talking about its security engineering, Steve Jobs' pastel dictatorship has lost an opportunity to present Apple's security practices in a positive light and dispel impressions in the industry that it's a computer security lightweight. µ

L'Inq
Computerworld