In a tweet, Dino Dai Zovi, co-author with Charlie Miller of The Mac Hacker’s Handbook (2009), said, “Apple has invited me to look at the Lion developer preview. I won’t be able to comment on it until its release, but hooray for free access!”
In an e-mail interview with CNet, Charlie Miller said, “As far as I know they have never reached out to security researchers in this way. Also, we won’t have to pay for it like everybody else. It’s not hiring us to do pen-tests of it, but at least it’s not total isolation anymore, and at least security crosses their mind now.”
CNet also published the e-mail invitation Apple sent to Messrs. Miller, Zovi, and other unnamed researchers that read:
I wanted to let you know that I’ve requested that you be invited to the prerelease seed of Mac OS X Lion, and you should receive an invitation soon. As you have reported Mac OS X security issues in the past, I thought that you might be interested in taking a look at this. It contains several improvements in the area of security countermeasures.
Apple has had a hit and miss relationship with security researchers in the past, and the company has come under heavy criticism from vocal members of the hacker community like Charlie Miller. Apple’s policy of secrecy has included not acknowledging reports from researchers and other practices that irk the research community.
Reaching out ahead of a major release to ask for feedback is a fairly significant shift for Apple, at least on the surface.