
Adobe To Have Its Own 'Patch Tuesday'

By Stefanie Hoffman, CRN, May 21, 2009

What do Adobe and Microsoft have in common? Among other things, they will both have their own regularly scheduled Patch Tuesday for security updates.

Brad Arkin, Adobe director of product security and privacy, said in a company blog post that Adobe would release security updates for all major supported versions and platforms of Adobe Reader and Acrobat on a quarterly basis starting this summer.

Arkin said that the quarterly patches would be released on the second Tuesday of the month each quarter, the same day Microsoft releases its "Patch Tuesday" security updates. The release day was intended to accommodate Windows customers who have resources and processes geared toward Microsoft's Patch Tuesday.

Adobe's last two security updates, delivered in March and May, also fell on Microsoft's Patch Tuesday, although Arkin said that the timing of the updates was purely coincidental.

"Although our 3/10/09 and 5/12/09 security patches landed on Patch Tuesday, the timing was coincidental. In both cases, we shipped the patches as soon as we finished testing them," Arkin said.

The newly scheduled Patch Tuesday update release comes as part of a ramped-up effort intended to harden systems and improve vulnerability response times.

Altogether, Adobe says it plans comprehensive code hardening after it launches an initiative to strengthen known at-risk areas of the legacy code, which it will apply to its Secure Product Lifecycle (SPLC) procedures. In the same vein as Microsoft's Security Development Lifecycle, Adobe's SPLC integrates security activities such as threat modeling, automated and manual security code reviews, and fuzzing into the standard procedure followed for all products.

Adobe also said it was strengthening input validation on a "best practice" basis, even where no previously known vulnerabilities had existed.

In addition, Adobe pledges a speedier incident response time going forward. The company said that the new process was made more efficient during its last security update for Windows, Mac and Unix platforms issued May 12, which was deployed only two weeks after vulnerabilities were made public.

"Security is an ongoing process, so while we believe our plan will eliminate or mitigate many potential security risks, we are also working to enhance our ability to respond to externally found vulnerabilities in Adobe Reader and Acrobat in the future," Arkin said, adding that in developing its new approach to security, the company has learned lessons from friends and partners.
