Security Initiative: Adobe Mimics Microsoft's Patch Tuesday Program
Article by George Norman
On 25 May 2009
It seems that Adobe is getting tired with all the security vulnerabilities and security holes affecting its software applications and consequently has announced the fact that it is launching a program similar to Microsoft’s Patch Tuesday (patches and fixes are released every second Tuesday of the month). The move is a welcomed one, if you keep in mind that just a couple of weeks ago Adobe Acrobat 9.1.1 and Adobe Reader 9.1.1 were released in order to address a 0-day security hole affecting all currently supported shipping versions of Adobe’s products. You should also keep in mind that targeted attacks against Adobe’s products have seen a considerable increase (see the image below, provided by F-Secure).

Director of Product Security and Privacy, Brad Arkin, explains: “Starting this summer we plan to release security updates for all major supported versions and platforms of Adobe Reader and Acrobat on a quarterly basis. Based on feedback from our customers, who have processes and resources geared toward Microsoft’s “Patch Tuesday” security updates, we will make Adobe’s quarterly patches available on the same days.”

Advertising

Adobe’s “Patch Tuesday” program is part of a larger security initiative that is meant to eliminate or at least mitigate some of the security risks that plague Adobe’s software; the security initiative is also meant to improve Adobe’s ability to respond to vulnerabilities in Reader and Acrobat discovered by external security researchers.

Adobe’s security initiative is focused on 3 major areas: the Patch Tuesday program, as mentioned above, code hardening and incident response process enhancement. “An initiative in the current security effort has been focused on hardening at-risk areas of the legacy code,” explained Brad Arkin. “We’ve applied the latest SPLC [Secure Product Lifecycle] techniques against these prioritized sections of each application. Even in cases where no immediate vulnerability was identified, we have been strengthening input validation on a best-practice basis. Experience shows such validation is a powerful tool in preventing as-yet unidentified security holes.”

Regarding the incident response process enhancement topic, Arkin says external security researchers can expect to see a faster incident response process on Adobe’s part, timelier incident related communications, and faster turn-around times on patch releases. When updates are released, you can also expect Adobe to release patches for multiple affected versions.






Tags: Adobe Acrobat , Adobe Reader, Security Initiative, Patch Tuesday
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Security Initiative: Adobe Mimics Microsoft's Patch Tuesday Program
HTML Linking Code