Adobe mirrors Microsoft's patch process

By Robert Westervelt | May 22, 2009

Adobe Systems Inc. said it would revamp its incident response process and offer more support of security tools to lock down Adobe technologies.

The software maker announced sweeping changes to its patching processes Wednesday. Updates for Adobe Reader and Acrobat will be released quarterly beginning in December. The process will mirror Microsoft's monthly Patch Tuesday bulletin updates, with releases landing on the same day each quarter, Brad Arkin, Adobe's director of product security and privacy, wrote in a message on the company's Adobe Secure Software Engineering Team blog.

Arkin said Adobe's engineers have been focused on revamping the company's software security processes since February, when a critical image handling flaw was being actively exploited in the wild. Security researchers noted at the time that Adobe could have moved faster to issue an update for its large user base, even though the ongoing attacks were limited and targeted.

"Everything from our security team's communications during an incident, to our security update process to the code itself has been carefully reviewed," Arkin said.

Adobe said its latest changes improve its incident response process, introducing more timely communications and faster turnaround times on patch releases. The software vendor will also try to issue simultaneous patches that address all affected versions.

Arkin said Adobe has also been improving its security development lifecycle, using Microsoft's Security Development Lifecycle as a blueprint for Adobe software. Adobe introduced threat modeling, automated and manual security code reviews, and fuzzing for all its products. Arkin said the latest focus has been on hardening at-risk areas of legacy code.

"Even in cases where no immediate vulnerability was identified, we have been strengthening input validation on a best-practice basis," he said.

The first signs of changes to Adobe's security process were reported by SearchSecurity.com in December, when Adobe launched its Adobe Secure Software Engineering Team blog to increase its visibility in the security community and encourage security researchers to report vulnerabilities directly to the software vendor. Adobe also improved its software code at the time, enabling secure compiler flags in Flash Player and Adobe Reader. According to Adobe, the flags help ensure developers don't store static passwords, encryption keys or other sensitive data within the source code of a SWF file.
