After attacks, Adobe patches now come faster
IDG News Service - Hackers are fond of Adobe Systems, and now the company knows it all too well.
Adobe's software has increasingly come under attack in recent years as hackers have realized it can be easier to find flaws in popular software that runs on top of Windows than it is to dig up new vulnerabilities in the operating system itself.
This has led to a round of new attacks that exploit bugs in products such as Adobe's Reader, Apple's QuickTime, and the Mozilla Firefox browser.
It's a reality that Adobe Chief Technology Officer Kevin Lynch freely acknowledged Monday in a press conference at the company's annual Adobe MAX developer conference, held in Los Angeles.
"We have absolutely seen an increase in the number of attacks around Reader in particular, and also Flash Player to some extent," he said. "We're working to decrease the amount of time between when we know about a problem and when we release a fix. That used to be a couple of months; now it's within two weeks for critical issues."
For Adobe, this new reality became clear in February, when the company's Reader and Acrobat software was the target of a widespread attack. The volunteer watchdog group Shadowserver Foundation started sounding the alarm about the problem on February 19. Security experts later determined that it had been exploited by attackers since early January, but Adobe didn't end up patching the bug until March 10. It took two more weeks for the company to patch all of its supported platforms.
It was a public relations disaster for the company, whose sluggish response was pilloried by security experts.
Adobe Director for Product Security and Privacy Brad Arkin says the problems spurred good things, though. "We used that experience to help understand where the bottlenecks were and what process changes we could implement to improve our response time," he said in an interview Monday.
In May, Arkin announced that the company would take new steps to stress-test its software, and improve its response-time to security incidents.
Adobe currently releases regularly scheduled security software updates (the latest is due next week), but if the company needs to rush out a patch, it can be done much more quickly than before.
Adobe posted emergency patches in May and again at the end of July, both of which took about two weeks to turn around, Arkin said. "The turnaround for these things is something that has been a real focus," he said.
"We understand that given our wide distribution base we're going to be a target," Arkin added. "These types of software patches are going to be a fact of life for us."
(James Niccolai in Los Angeles contributed to this report.)
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Adobe Systems
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
