Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • IT Management

    Adobe Tightens Development Process to Improve Security

    By
    Brian Prince
    -
    May 20, 2009
    Share
    Facebook
    Twitter
    Linkedin

      From a security standpoint, Adobe Systems has taken its share of lumps so far in 2009.

      In February, news that Adobe Reader and Acrobat were vulnerable to a zero-day attack became public; in April, two other bugs surfaced. All three were eventually patched, but not before proof-of-concept exploit code for each bug began to circle. In the case of the flaw publicized in February, hackers feasted on the bug for at least two months before a fix was issued-and the initial patch didn’t cover every version of the programs.

      Since then, Adobe said, it has been changing its development process to improve software security. The project has been focused on three main areas: hardening the code, improving the incident response process and putting together a plan for issuing quarterly updates for Reader and Acrobat.

      “We have for years now been following our secure product life cycle, which defines how we integrate security into the regular way that we build software at Adobe,” said Brad Arkin, Adobe’s director for product security and privacy. “For most of the projects, and particularly for Reader and Acrobat, our secure product life-cycle activities have mainly been focused on the new code and the new features that we’re writing, and it hasn’t fully addressed the potential security problems in the legacy code and features.”

      The idea basically extends best practices such as threat modeling and testing throughout the entire development process.

      “All of these activities are helping us to identify potential problems so that we can then resolve them before a malware author or another malicious actor might find them,” Arkin added.

      Arkin admitted that some vulnerabilities are inevitably going to appear, which is where the updates come in. Starting in summer 2009, Adobe will issue quarterly patches to deal with any security issues. Though the company is still hammering out the exact timeline, the general plan is for the releases to coincide with Microsoft’s Patch Tuesday.

      “What we heard from our customers is that offering the updates on the same day will help align with the way our customers today are applying patches,” Arkin said.

      Statistics from Qualys released in April showed that many Acrobat and Reader users were behind in their patches, even as news of a zero-day continued to circulate. Perhaps it is unsurprising then that hackers often use exploits targeting Reader and Adobe Flash as a way in.

      “This is something that we’re talking publicly about now even though we’ve been working on it since February, and in the months to come we’re going to continue talking about further details and new ideas that we have for how we can better improve the security for Reader and Acrobat and make the product even more safe to use for our customers,” Arkin said.

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×