The Reality of Apple’s macOS Security Snafu. It’s About Trust
There are many temptations and ample opportunities to lean on Apple for its recent, catastrophic root access vulnerability. See: “macOS High Sierra Has a Severe Vulnerability Giving Anyone Root Access.” But I’m going to focus just on Apple’s visible actions.

macOS High Sierra. Trustworthy?
Part of the criticism can likely (and properly) be directed at management practices. See: “Apple’s Mistake of the Century.” My personal experience leads me to believe that non-technical managers put time pressure on software engineers who weren’t experienced enough with BSD UNIX to understand the implications of the code changes. After all, UNIX security fundamentals are holy ground, and there must be good shepherds in the chain of command.
I think that practice is related to a bigger issue, and that’s the fact that Apple no longer celebrates the UNIX underpinnings of macOS. Apple appears to feel that the traditional celebration of UNIX is too geeky and would scare average Mac customers away. But the fact is, macOS is good for consumers precisely because of the time and effort put into it by (former) senior Apple UNIX gurus like Avie Tevanian, Bertrand Serlet and Jordan Hubbard.
The fact that you no longer see any mention of macOS as a UNIX OS on the macOS product pages means that there’s no longer any celebration of UNIX, its fundamentals and its heritage. No celebration means no awareness. No awareness means no excellence in execution.

No more celebration suggests no mindful focus.
Job One: Rebuilding Trust
Providing an apology, as Apple did, was the minimum required action. But it can’t stop there. For example, a doctor who makes a grave mistake and accidentally kills a healthy patient must apologize. But the hospital has to rebuild trust by explaining what went wrong, who got disciplined, and what detailed procedures have been put in place to prevent a re-occurrence.
That’s exactly what the TV news magazine 60 Minutes did on December 3. The producer, Jeff Fager, explained how 60 Minutes made some serious mistakes in the past. But he emphasized that rebuilding trust means explaining to the viewer how and why the mistake happened. He set the example.
I know Apple never likes to air its dirty laundry. It’s bad for Apple’s public image. But when a mistake of this magnitude happens, Apple executives should ponder whether an apology is sufficient to rebuild trust. In addition, a reference to an audit seems too vague to satisfy the criteria of how and why. Apple said, in part,
We greatly regret this error and we apologize to all Mac users. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
When Scott Forstall refused to apologize to Apple customers for problems with Apple Maps, he was fired. While Apple has apologized in this case, it will require additional, painful steps to admit what went wrong and explain in more detail how it could happen. That’s the first step in a genuine change in corporate thinking.
Without fessing up to that reality in public, which is the affirmation of fundamental change, the event lapses into a running joke that will haunt Apple for all time.