Security lessons from Adobe Reader

Summary:Adobe announced another security improvement to Adobe Reader last week: a "sandbox" for the Windows version that will help prevent malicious PDFs taking over users' computers.

Adobe announced another security improvement to Adobe Reader last week: a "sandbox" for the Windows version that will help prevent malicious PDFs taking over users' computers.

On Patch Monday this week Brad Arkin, Adobe's head of product security and privacy, explains why the company chose to implement a sandbox, what threats it will and won't counter, and how the company went about this massive programming task.

The sandbox is yet another result of Adobe adopting a process based on Microsoft's Security Development Lifecycle (SDL). David Ladd, who leads the team at Microsoft that developed the SDL, introduces us to the Simplified Implementation of the Microsoft SDL, a free 17-page guide that any developer can use — whether they're large or small, and whether they're developing for Windows or another platform.

Patch Monday also includes Stilgherrian's random look at some of the week's IT news headlines.

To leave an audio comment for Patch Monday, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 26 minutes, 8 seconds

Stilgherrian spoke with David Ladd at Microsoft's Trustworthy Computing Tour. He travelled to Redmond, Washington, as a guest of Microsoft.

Topics: Security, Software Development

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.