Adobe joins Microsoft's vulnerability-sharing club

Summary:Adobe will give anti-virus, intrusion prevention/detection and corporate network security vendors a headstart to add signatures and filters to protect against security flaws in its widely deployed product suites.

LAS VEGAS -- Adobe's push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.

In partnership with Microsoft, Adobe will give anti-virus, intrusion prevention/detection and corporate network security vendors a headstart to add signatures and filters to protect against security flaws in its widely deployed product suites.

Adobe's pre-patch information will be released in the existing Microsoft Active Protections Program (MAPP), a two-year-old initiative aimed at providing detection guidance ahead of time to help security vendors reproduce the vulnerabilities being patched and ship signatures and detection capabilities without false positives.

[ SEE: Microsoft makes daring vulnerability sharing move ]

Microsoft says it has 65 security vendors participating in the program, which helps to protect 1 billion Windows users globally.

According to Mike Reavey, director of the Microsoft Security Response Center, the MAPP program provides a reduction in the attack window of up to 75 percent.

Adobe security chief Brad Arkin says MAPP participation will include vulnerability data from every Adobe product, from the oft-targeted Adobe Reader/Acrobat and Adobe FlashPlayer to enterprise products like ConnectPro and ColdFusion.

[ SEE: Punditry: Will Microsoft buy flaws? ]

Arkin expects the MAPP initiative to be especially useful during zero-day attacks. Adobe already provides pre-patch mitigation guidance during active attacks and, with this vulnerability sharing move, it adds another layer of protection for end users while the company investigates and creates its patches.

"MAPP was the gold standard for how vendors should be sharing information with security vendors," Arkin said, noting that it provides a way to get actionable information to security vendors in a familiar template.

Topics: Security, Enterprise Software

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.