Adobe acknowledges the importance for security
May 23rd, 2009 No Comments »Many agree Adobe has never responded to security vulnerabilities in their popular products quickly. Known vulnerabilities would take weeks and in some cases months before being addressed. Most recently in February Adobe confirmed a known vulnerability in their Acrobat PDF software and admitted the vulnerability is actively being used by hackers. Brad Arkin, Adobe’s director for product security and privacy mentions this event is what prompted a new security practice.
Adobe has started reviewing the code in Adobe Reader and Adobe Acrobat products and is identifying “at-risk areas” that will be addressed and ultimately re-written. “We’re going to broadly look at the whole application, but focus on at-risk areas, where we’ll do threat modeling, static code analysis and look for potential vulnerabilities,” said Arkin. “We’re going to do a lot more pro-active work,” he promised. “We want to shake loose vulnerabilities.”
Arkin promises a regular patching cycle and in fact will deliver patches the same day as Microsoft. Although their patch cycle is quarterly, not monthly, the patches will be delivered the second Tuesday of the month. This schedule has not officially started. Arkin also mentioned JavaScript will not be disabled by default in future builds of Adobe Acrobat products.
More information on Adobe Acrobat’s new security initiative can be found on Adobe’s Asset blog.
Tags: acrobat, Adobe, microsoft, Patch, PDF, Security, Vulnerability, zero dayAuthor: Christopher
(1 votes, average: 5.00 out of 5)
Loading ...
Subscribe