A quick perusal of the National Vulnerability Database for Apple shows 417 items for all of 2010. Many of those vulnerabilities are for Apple products and applications. Many others are for applications that run on OS X.
Fortunately, for now, Mac users have been spared attacks and malware that target those vulnerabilities. However, in today's age of strict regulatory compliance and highly targeted attacks, organizations need more assurance that they can manage the risk associated with their devices. And, just because a device hasn't been hit with widespread viruses doesn't mean users can't be attacked with specialized exploits.
Last year, for instance, news reports surfaced that the British government forbade iPhones and iPads because Apple refused to allow its source code to be analyzed by intelligence services. Meanwhile, Apple's slowness to fix some of its vulnerabilities has been a point of contention among experts.
"Apple has been slow to patch a number of software vulnerabilities in the past, and its reliance on open source as part of its operating system does complicate the patching process," Mogull says. "But, overall, you have to see the moves the company has made, such as the reported hiring and engaging with the security community with Lion as right steps," he says.