Is Adobe Finally Taking Security Seriously?
Is Adobe recognizing that it plays an important function in many business operations and quicker response times are vital?
Adobe has had its share of security problems lately -- I guess it shouldn't be a surprise that McAfee predicted Adobe would be a top target for hackers in 2010.
It's a reminder that no one is safe in today's environment. Adobe was safe and secure for such a long time, but in an Information Security article, Adobe's Brad Arkin was quoted:
There are definitely a lot of bad guys out there who make a living attacking software. … They started by attacking Microsoft, now they're attacking Adobe too. We're definitely in the spotlight.
Last year Adobe created its Secure Product Lifecycle (SPLC), which, according to the Information Security article:
includes an 80-point security plan for every product, security training and certification for engineers, and a culture of security largely based on the company's training program, have yielded more secure products, he said. The company's four-tier training program, which launched in early 2009, begins with computer-based training, but to achieve the third level (a "brown belt") an engineer must create a project and finish it in six months, while the fourth level (a "black belt") requires coordination of brown-belt projects.
Also, Adobe's Product Security blog reported an accelerated security update, pushing updates to June 29 rather than waiting for the normal quarterly release on July 13.
Hopefully this is recognition on Adobe's part that the company plays an important function in many business operations and that increased security measures -- particularly quicker response times to flaws and vulnerabilities -- is vital.