I agree that there is the potential for more *risk* with the new iPhone, but fail to understand how the price of something or anticipated market penetration can cause it to be less resistant to the force applied by a threat community.

Ah, semantics. You're defining the adjective 'secure' as (a measure of) 'resistance to the force applied by a threat community.' You're not defining risk at all, but I'll presume you mean some reasonable definition that combines threat, probability and severity.

In those terms, we agree. I'm pointing out that the increased distribution of the iPhone platform increases the probability of attack because it's a more available target. I'm also pointing out that the 'enterprise readiness' of the platform increases the potential for data loss (severity?) of any successful attack, as well as increasing the probability of attack. In other words, yes, increased risk through changes in probability and severity.

I would argue that an increase in the amount of risk (noun) results in an object being less secure (adjective).

Likelihood of exploit and or type of data located on the device does not modify the security level of the object itself. The security of an object when compared against specific attack scenarios is a pass fail model. Enumeration of these threat vectors and looking at possible success determines the security level of the object.

When looking at risk levels I agree fully that you have to include the chance of exploit as well the sensitivity of the data being secured. However, when looking at the individual security of a device against specific attacks, the likelihood nor the data stored matters.

I agree with Alex here. Either way we may simply be running into a matter of semantics.

4. The Price: I don't know that price, one way or another, would make it any more or less a target just because of the necessity to sign a contract to get one. Sure, availability is better (which is obviously the plan from a business standpoint) but I tend to think that the people who want to play with the potential for exploiting iPhone security would do so regardless of price.

3. The SDK: Apple has done a pretty decent job of sandboxing 3rd party apps from the rest of the OS. So much so that it's actually a bit of a pain to us developers from a functionality standpoint. Of course nothing is 100% secure, and it's only going to be a matter of time before some clever coder punches through the sandbox.

2. MS Office Compatibility: This I disagree with very much. The vulnerabilities you've referenced are more issues with Word and Excel themselves, not necessarily the document format. Of course there's the occasional one-off format-based vulnerability (remember WMF?), but the simple fact that something understands how to read the .doc format doesn't magically make it vulnerable to every exploit written for Microsoft Word. Google Docs, iWork, OpenOffice, Abiword, the list goes on.

1. Enterprise-Ready: I don't even understand this point. This is part of the risk of any commercial product. The iPhone is no more or less special than any other device with significant market penetration, be it Enterprise-level or general consumer.

4. The point here isn't that a lower price puts it in the hands of more potential hackers, but that a wider user base makes it a more attractive target.

3. Yep, I agree.

2. I'm not sure I agree with you here. While a 'reader' application may have fewer avenues for exploit because it's a less complex piece of code, the existing popularity of MS Office documents as an attack vector definitely increases the likelihood that it will be used as such on the iPhone as well.

1. The point here isn't that the iPhone is special or different. It was different in that it didn't support standard enterprise features. It's now less different, perhaps. Still, further penetration into the enterprise increases the likely value of the information stored on the device. Combine that increased value with wider distribution, and you have a much more attractive target that the previous iPhone.