If Apple carries on with its many programming misdeeds, it will soon see a breakdown in its shiny, new security.
Recently, Apple decided to replace open source OpenSSL with its own libsecurity_ssl. In doing so, Apple went from a large community to a small community with poor development practices.
Reportedly, the company made the move due to OpenSSL not having a "stable API," meaning that when Apple distributed security patches to OpenSSL, applications dependent on it would break. It had other options, such as creating a wrapper and asking people to use that instead; backporting fixes to old versions (à la Red Hat); or working with the community to stabilize the API. In my past dealings with Apple, however, I've noticed it doesn't play so nice with others unless it makes all the rules and serves as decider. I have a feeling other options were moot before it made its own security library.
Which brings us to Apple's first deadly sin: arrogance. Arrogance is a common bug in software developer personalities. It's fine if it makes you no fun at parties or wins you an InfoWorld column, but it isn't fine if it leaks into your code. Humble developers assume code can be broken and can live with attempts to prove that even if they wrote it. The code is proven bad, not your fragile ego. The first thing I teach green developers is to assume their favorite theory is wrong and to seek to disprove it rather than prove it. People who try to prove themselves right are prone to confirmation bias and looping.
This brings us to Apple's second deadly sin: I can't find the automated tests for libsecurity_ssl. According to a poster on Hacker News, there are a couple dozen tests (a bit light for this sort of thing), but I couldn't find them.
On the other hand, I found a comprehensive suite of tests for OpenSSL. In fact, maybe Apple should have run a version of this on its code since a casual glance would have caught it, which means Apple doesn't actually run automated tests on check-ins.
We're not talking a full agile process; we're talking basic principles. I often get comments from people who dispute the nature of a "unit" or what an integration test should be, but surely we can all agree that you should have an automated test before release as to whether your SSL library validates SSL certs?
Possibly related to the first deadly sin is Apple's general lack of collaboration. We know best, fork first, rewrite first, then maybe we let the cool kids join us if they are worthy. Sometimes this has turned out well and we get KHTML turning into WebKit (which Google has in turn forked, but that's for another post). This time, it cost Apple customers and users. For security, having the larger community is critical; collaborating rather than keeping your failures secret until you fix them is key. This culture of secrecy and arrogance has been written about before and will bite Apple again.
The next deadly sin is Apple's mind-set. Security requires you to think backward. The worst systems are designed by people who try to keep other people out and think accordingly. The best systems are designed by people who are empathetic. Sure, there is science and research, but fundamentally, how can I defeat it? Think like the black hat. I prescribe that Apple watch a lot of bad serial killer movies.
Finally, learn from your mistakes. Each iteration (if it has iterations) needs a retrospective. What went wrong? What went right? If you find one goto fail bug, maybe you should look for other goto fail bugs? If that happens a few times, maybe you should consider goto harmful for your organization (even if you think it has its place elsewhere)? Maybe big blocks of repetitive if statements are bad, too? Who's reviewing this code at Apple?
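A simplified model of the duplicated `goto fail;` control flow referred to above, next to a braced version and the kind of negative test the column argues every release should run. This is an added example, not Apple's libsecurity_ssl code; the toy hash, the function names and the inputs are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy stand-ins (assumptions): a hash step that always succeeds and a
   signature check that compares the hash with the supplied value. */
static int hash_update(unsigned *h, const char *data) {
    for (; *data; data++) *h = *h * 31u + (unsigned char)*data;
    return 0;                                /* 0 means success */
}
static int sig_matches(unsigned h, unsigned sig) { return h == sig ? 0 : -1; }

/* Flawed: the second goto is unconditional, so sig_matches() is never
   reached and err still holds 0 (success) from the last hash step. */
int verify_flawed(const char *params, unsigned sig) {
    int err; unsigned h = 7;
    if ((err = hash_update(&h, "client_random")) != 0)
        goto fail;
    if ((err = hash_update(&h, params)) != 0)
        goto fail;
        goto fail;
    err = sig_matches(h, sig);
fail:
    return err;
}

/* Corrected: braces on every branch, no stray jump. */
int verify_fixed(const char *params, unsigned sig) {
    int err; unsigned h = 7;
    if ((err = hash_update(&h, "client_random")) != 0) { goto fail; }
    if ((err = hash_update(&h, params)) != 0) { goto fail; }
    err = sig_matches(h, sig);
fail:
    return err;
}

typedef int (*verify_fn)(const char *, unsigned);
static unsigned valid_sig(const char *params) {
    unsigned h = 7;
    hash_update(&h, "client_random"); hash_update(&h, params);
    return h;
}
/* Positive test: passes for both versions, so it cannot catch the bug. */
int accepts_valid(verify_fn v) { return v("dh_params", valid_sig("dh_params")) == 0; }
/* Negative test: a verifier must reject a signature that is off by one. */
int rejects_invalid(verify_fn v) { return v("dh_params", valid_sig("dh_params") + 1u) != 0; }

int main(void) {
    printf("flawed: accepts_valid=%d rejects_invalid=%d\n", accepts_valid(verify_flawed), rejects_invalid(verify_flawed));
    printf("fixed:  accepts_valid=%d rejects_invalid=%d\n", accepts_valid(verify_fixed), rejects_invalid(verify_fixed));
    return 0;
}
```

Only the negative test separates the two versions, which is why a suite that checks nothing but successful handshakes would have let this through.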
I know I'll never have the answer. As long as the faithful line up to worship at the Apple Store and keep swiping their cards for the bling, nothing will change. Who said trustworthy computing was profitable?
This article, "Apple and security: 5 deadly development sins," was originally published at InfoWorld.com. Keep up on the latest news in application development and read more of Andrew Oliver's Strategic Developer blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.


