"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town," Miller said, suggesting that while both OSes have their security flaws, the Mac OS is safer because of the lack of people threatening to exploit it.
But software is software, and no matter how much more secure Mac OS X is than Windows, it's still bound to have some security issues. I'm all for Charles Miller digging around the OS to find flaws, but come on, if you find them, why announce them to the world and open up a potential new round of attacks? Wouldn't it be better to report them to Apple instead of to the host of hackers that pay attention to CanSecWest? There's no question about it, Apple should have caught these holes in the first place and Miller is right in calling them out on it. But while I understand that public outings go a long way to ensuring that people or companies don't make the same mistakes again, you can call Apple out without showing people – especially the wrong people – the specific cracks in the system.