Phone: (818) 988-5231

Heightened Security: Apple Recognizes One of Our Own

Heightened Security: Apple Recognizes One of Our Own

As we enter into a new decade, we can’t help but also reflect on the last one: our growth as a company, as a team, our lessons learned, and our incredible accomplishments along the way. One of the most memorable, and proudest, accomplishments occurred as an unexpected result of plain and simple diligence. 

We’ve always held security as a top priority for ourselves, and our clients. These days everyone expects access to data everywhere, and on multiple devices, all the while being 100% secure. In the fall of 2018, we were helping a client enhance their security for their VPNs, which involved encrypted connections from their teams’ off-site laptops, across the internet, and back to their office. In so doing, Royce, our Sr. Network Engineer, was tasked with upgrading the level of encryption for the remote connections and testing the built-in VPN connectivity with macOS. 

It was during this process that Royce ran into an encryption and communication issue with the VPNs. It’s not unusual in this industry to encounter software bugs and issues. Over the past decade, we’ve collectively deployed hundreds of networks and encrypted connections for our cross-platform clients for mobile devices, computers, and between offices using macOS, iOS, Android, Windows, and multiple firewall platforms. That has allowed us to gain a deep understanding of the protocols and configuration options involved in encrypted communication. 

However, this particular issue was not something any of us had come across. Royce continued to work to break through the communication barrier: leveraging all of our collective knowledge, sampling data, log files, and piling up a significant amount of additional geek-level detail. Not finding a clear fix, as we’ve done many times before, we then submitted all of this data to Apple via a bug report, and devised a work-around solution to accomplish our client’s goal.

We have no idea how many bug reports Apple receives in a given year. The countless times we’ve submitted them, we’ve never heard back. Eventually, we see the bug getting patched, and we’re happy to have done our part to contribute to the greater community. This time was different.

In the fall of 2019, Royce was personally contacted by Apple developers to let him know his bug report was the key to finding and fixing this specific VPN encryption bug. Additionally, Apple wanted permission to recognize Royce publicly for his efforts! 

This was the hardest puzzle I’ve ever had to solve. All of the specs said it should be working correctly, yet everything I was seeing was telling me it wasn’t. The hardest part was trusting that I was correct, and the product had a bug that was getting in the way.

Royce Gawron
Screenshot of Apple Kbase Article
Click to enlarge a snapshot of the Apple release notes.

Fast forward to our company holiday party, a week before Christmas, where we not only got to honor Royce’s 15-year anniversary here at Second Son, but also learned that Apple had released the security patch, and Royce was thanked publicly in the release notes! Seeing his name, among developers, researchers, and security experts from companies like Google and Puppet, is quite up there on the accomplishment scale! The bug Royce found, documented, and submitted, resulted in Apple updating the VPN system in macOS 10.13, macOS 10.14, and macOS 10.15, affecting millions of devices around the world! 

Accomplishments like this come from focused dedication, attention to detail, and true passion for what we do. We are so very proud of Royce and this accomplishment, and look forward to building on this in 2020!