Closing Adobe's security chasm

Summary: Adobe hasn't had a good time in recent months. Apart from Apple effectively banning Flash from the iPhone and iPad, Adobe's Acrobat and Reader products have been found to suffer serious security flaws. Some information security experts have even suggested that flaws in Adobe's products are now one of the most serious online risks.

What went wrong? What's Adobe doing about it? And what lessons are there for other software developers?

Back in 2001, Microsoft was embarrassed when the Code Red worm infected hundreds of thousands of web servers running its Internet Information Server (IIS), and when Nimda became the world's most widespread computer infection at that time in just 22 minutes. Microsoft's response was Bill Gates' famous Trustworthy Computing memo and a new software development process called the Secure Development Lifecycle (SDL). The result? Windows Vista, Windows 7, Windows Server 2008 and Office 2010 have far fewer security flaws, and problems have been fixed more quickly.

Microsoft has shared its lessons with partners like Adobe, and has even condensed the SDL down to a 17-page guide that any developer can use, whatever the platform — the Simplified Implementation of the Microsoft SDL.

In Patch Monday this week, Stilgherrian speaks with Brad Arkin, Adobe's director of Product Security and Privacy. He explains how Adobe has improved its own Secure Product Lifecycle (SPLC), and how it plans to move forward with security in Adobe's troubled product line.

Plus we have Stilgherrian's usual idiosyncratic look at the week's IT news headlines.

To leave an audio comment for Patch Monday, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 23 minutes, 16 seconds

Stilgherrian spoke with Brad Arkin at Microsoft's Trustworthy Computing Tour. He travelled to Redmond, Washington, as a guest of Microsoft.

Topics: Microsoft, Malware, Security, Software Development
