by otterley 1534 days ago
> Apple invites this kind of reaction by not being transparent and not cooperating with the larger security community

Eh, I disagree. While it's fair to wonder what's taking them so long, attributing malice or incompetence is unreasonable without more evidence than mere delay.

> What reason does Apple have to withhold information about vulnerabilities from the rest of the industry? It just puts their customers at risk.

I think the jury is out on the conclusion. While Apple is unquestionably peculiar with respect to their security community engagement, I think most would agree that they also have an outstanding overall security track record when you take into account the immense number of devices out there, all of which are connected to the Internet. It's difficult to identify a company that does better (again, relative to the overall risk exposure) than Apple in this aspect.

> They have a trillion dollars. There's no reason they couldn't [insert anything here]

Money can't buy you everything. Even Apple's war chest can't buy them the exact talent they need at the exact time. Talent is scarce and often happy and well-compensated at other engagements. Same goes for any of the FAANGs, one of whom I currently work for.

1 comments

A pattern of non-communication about high-risk security issues to developers that could help mitigate their effects or to customers that will be affected by that lack of mitigation seems like intentionally malicious behavior to me.

Lack of transparency is inexcusable for a business with such an overwhelmingly prolific ecosystem that has such a broad impact on derivative technologies and the businesses that use it.

Apple are culturally allergic to transparency. It’s going to be either a seismic corporate culture change if it happens quickly or it will take on the order of a decade or more for them to become comfortable with being open whenever the opportunity is appropriate. Apple is a “deny by default” sort of company at its heart.

Being malicious means you actually intend for people to suffer harm. Do you really think that's what Apple wants? What evidence do you have of that?

You think that they do not know that these are the consequences? When vulnerabilities are being exploited in the wild, they know that harm is being done, and then they made a deliberate choice to withhold information that could help prevent that harm. How is that decision not malicious?

I think you're using the word "malicious" when maybe what you mean is "irresponsible."

Please refer to the very top of the thread where I try to provide a reasonable and much more likely explanation behind what's going on.

Classic debate about whether being stupid or incompetent is the same as having ill intent.

We're still the ones being hit by a bus.

There’s no debate, unless you truly believe that intent should play no role whatsoever in how we judge actions, in which case, you disagree with the vast majority of post-Enlightenment society. I don’t think you would like living in a world in which strict liability made every mistake a criminal act.

I think Apple is neither stupid nor incompetent, leaving the third option: they made a choice to do harm, if only by choosing to do nothing.