Apple can't be trusted to do point releases for major security bugs in a timely fashion.

OSX development can only be done on OSX.

Because Apple security procedures are now known to be so horrible, the reasonable thing is to only use Apple hardware when you absolutely must -- iOS dev.

I say this as someone who currently has only Macs except for servers; I'll probably not buy another one, and switch back to Linux. I might Linuxify the Macs I currently have, except for when I need to do iOS stuff.

Correct me if I'm wrong, but you're almost completely abandoning an OS just because of 1 security problem?

I don't actually care about the original bug much. It happens.

That Apple's internal code review/static analysis/etc. doesn't exist is a bigger problem, but still not a showstopper.

That Apple's incident response and prioritization is horrible is the reason. Look what they did with the dev center over the summer. Various past bugs.

You say this as someone who does not understand the issue at all and has a very naive take on it. Alas, voice of tptacek was not heard on this issue for some reason :(

Fortunately we have your extensive experience in operating system security patching and policies about when to push a hotfix vs. a large update to a widely-deployed userbase to enlighten us!