Security researcher Charlie Miller booted from Apple Developer Program

191 points by cubix, over 13 years ago

15 comments

jjguy, over 13 years ago
It's a bad move for Apple. A good relationship with the community of security researchers is crucial - they're talented folks and their research results grab headlines. It takes just a tiny amount of corporate humility and public thanks to win their respect, and in return get goodwill. Treating the community badly will ensure the next guy won't even try to cooperate.
Over the last several years, Microsoft's MSRC has balanced this very well. Google has done well recently, too. Lots of clued-in people in both places.
guan, over 13 years ago
It’s rude when according to the article he withheld details of the exploit to give Apple time to fix the bug, but the decision is understandable since he did violate the developer agreement. I’m not so sure about “interfering with Apple's software and services” but his activities seem to be covered under “hiding features from [Apple] when submitting them.”
jjtheblunt, over 13 years ago
He's got great skills, and NSA training is as good as it gets, but he explicitly violated the rule to not download and run code from a server, to see if the rule would be enforced. They enforced it, just as he'd known they would. There was no point to his doing that other than to get headlines.
feralchimp, over 13 years ago
"I don't think they've ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will," Miller said in an e-mail to CNET. "That is the really bad news from their decision."
Take your wrist-slap like a man, sir.
Apparently the grand are also prone to self-aggrandizement. I have a lot of respect for Miller's skills, but he's not the only smart person taking a hard look at App Store security.
MichaelApproved, over 13 years ago
Apple is extremely binary. You're either with them or you're not. They don't seem to have flexibility and the only punishment is to be banned.
Awful.
pnathan, over 13 years ago
As a metanarrative, it's very interesting seeing the conflict between the rules followers and the ethics followers here in this thread.
tomlin, over 13 years ago
I feel like if this were an Android flaw, I'd see it in the title. Miller was booted from dev for discovering a major flaw in iOS. A hacker can have full access to the phone and personal data by just downloading an app from the App Store. Definitely worth mentioning in the title.
sdiwakar, over 13 years ago
There's always this flip-side to reporting security findings. I don't know the details of Charlie Miller's exploit; however, had he gone through the process of informing the vendor (in this case Apple) and then allowing sufficient time to address the issue, perhaps a showdown could have been avoided (I'm assuming that he hadn't).
People, however, also forget that there are other pressures facing info-sec researchers - such as pressure from management at the company where they work to 'publish' and/or present their findings under the company banner. Often, this irks vendors, because vulnerabilities are used to promote the researcher's (or who they work for) interests.
That said, Microsoft, Google and Facebook have very transparent processes & expectations for submitting vulnerabilities.
makira, over 13 years ago
Does anyone have information regarding the actual vulnerability? That would be very interesting. Thanks.
super_mario, over 13 years ago
Oops. Watch the number of trojans for OS X go up now.
JoeAltmaier, over 13 years ago
It's a walled garden; they can do anything they like. Live with it.
Tomis, over 13 years ago
The spirit of Steve Jobs lives on.
sigzero, over 13 years ago
He uploaded malware to the store in violation of his developer agreement. FAIL.
RusAlexander, over 13 years ago
Apple is changing preferences; now they don't want to have more secure software. IMO Steve Jobs wanted.
nchuhoai, over 13 years ago
I come into your party as a guest and what I do is steal all your stuff. If you were a white hat, you would knock at the door and kindly hint me to the loophole instead of just doing it ...