Apple’s security engineering team was set to give a talk about security engineering at the (in)famous Black Hat security conference. Many were pleasantly surprised by the move. Apple is notorious for its secrecy about not just product plans, but its security practices. New levels of honesty and transparency would have been reached.
You know what happens when marketing hears engineers saying “honesty” and “transparency”. Marketing hears “please muzzle us for the company’s good.” As such, the talk has been canceled.
This isn’t even the first time that an Apple talk has been suppressed in recent history. A FileVault talk was also canned. While I’ll support Apple’s efforts to keep their product announcements secret (as it is part of the Apple mystique), marketing shouldn’t shape their security work.
I still hold that Apple should start a blog that discusses security concerns that are raised. By all means, keep product announcements secret, but start a dialog with your customers about issues that concern them. The DNS exploit issue is a classic case in point. Given the apparent severity of the problem, the silence from Apple was worrying to the point that we couldn't even be sure that they were working on a fix. Something that says "we're aware of the issue and a fix is due around [insert date here]" would help a lot to reassure people, particularly if it included instructions on how to work around the problem in the meantime. This isn't rocket science.
Apple's attitude toward security pissed me off. I work as a security analyst for a larger corporation and I get grief from coworkers about this. In comparison Microsoft and the Linux community are much more open and responsive on things.