Doing it the Microsoft way…
By Elinor Mills
Published: 21 May 2009 11:52 GMT
Adobe said on Wednesday it will release quarterly security updates to coincide with Microsoft's Patch Tuesday as part of a new approach to product security for Adobe Reader and Acrobat.
The security updates will be delivered on a second Tuesday once a quarter, beginning this summer, Brad Arkin, director of product security and privacy, wrote in a blog post. Microsoft's Patch Tuesday updates are issued monthly on the second Tuesday.
Adobe security patches released on Patch Tuesdays 10 March and 12 May were coincidental, the post said.
A-Z of security
The most recent patch fixed a hole in Flash Media Server 3.5.1 and earlier that could allow an attacker to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server.
The March patch fixed a critical vulnerability in Adobe Reader 9 and Acrobat 9 that could allow an attacker to take complete control of a computer and for which exploits had been reportedly found in the wild for nearly two months.
The Adobe Reader issue sparked "a lot of conversation internally at Adobe from executives to testers and developers" and ultimately led to the permanent changes to Adobe's software security approach, Arkin said. "Everything from our security team's communications during an incident, to our security update process to the code itself has been carefully reviewed," he wrote.
All new code and features for Adobe Reader and Acrobat have been put through a Secure Product Lifecycle that is similar to Microsoft's much-touted Security Development Lifecycle, according to Arkin. Now, Adobe is working on hardening at-risk areas of its legacy code too, he added.
Arkin also promised that people outside the company "will see more timely communications regarding incidents, quicker turnaround times on patch releases, and simultaneous patches for more affected versions as we move forward".
Security issues with Adobe Reader prompted software security firm F-Secure to suggest that people should switch to an alternative PDF reader at the RSA security conference last month. Just last month another security hole surfaced in Adobe Reader.
Original article: Adobe to release security updates a la Patch Tuesday from CNET News.com
CSS, Adobe, MacromediaLondon E122,000 - 26,000 DOEOur client is one of London? At a minimum however, to be considered for this position you must ...
They have an urgent requirement for an Adobe Live Cycle developer for a 1 year contract based in London. The ideal candidate will have at least 3 ...
Adobe LiveCycle Consultant We are looking for Senior Developers who are experienced in delivering solutions using Adobe LiveCycle ES, using Forms & ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy