Prior to the security issues on Apple’s site over a week ago, Apple had been on a bi-weekly cadence for iOS and OS X beta releases. Last Monday, (July 22nd) the developer portal was down while Apple rebuilt the site to address the security issues no iOS beta was reported to be released. With less than 24 hours to go, will they be in a position to release a beta tomorrow? What is the impact to the overall release schedule of iOS? What do you think?
I am hoping that the major progress we’ve seen in the last week on bringing the site back online (while still not complete, many of components are up as of this posting), has allowed Apple to focus back on working on iOS and Mavericks. Perhaps there are some lessons in all of this for us, as developers, that security can’t be something we think about when we are done developing. Security is something that needs to be built into our apps from the beginning.
One of my favorite podcasts is Security Now! with Steve Gibson of Gibson Research Company. A few months back, Steve talked about the effort he went thru to retrofit his entire website to https. I think this is something that is worthwhile to consider for this site. It is a lot of work , and exposed to him the inter-relationship of so much of our connected world. At an app level, if you use any third party code, are you sure it is secure? How do you go about testing for security?
The people who want to expose or exploit security issues in your code, spend much more time testing your application than perhaps you do. They are not worried about shipping the next release. They are methodical in how they test, probe, and attack your application. Perhaps this is the time to start re-thinking your development and test strategy, so that security becomes a first class requirement for all that you do.