LAS VEGAS — Adobe’s push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.
In partnership with Microsoft, Adobe will give anti-virus, intrusion prevention/detection and corporate network security vendors a headstart to add signatures and filters to protect against security flaws in its widely deployed product suites.
Adobe’s pre-patch information will be released in the existing Microsoft Active Protections Program (MAPP), a two-year-old initiative aimed at providing detection guidance ahead of time to help security vendors reproduce the vulnerabilities being patched and ship signatures and detection capabilities without false positives.
[ SEE: Microsoft makes daring vulnerability sharing move ]
Microsoft says it has 65 security vendors participating in the program, which helps to protect 1 billion Windows users globally.
According to Mike Reavey, director of the Microsoft Security Response Center, the MAPP program provides a reduction in the attack window of up to 75 percent.
Adobe security chief Brad Arkin says MAPP participation will include vulnerability data from every Adobe product, from the oft-targeted Adobe Reader/Acrobat and Adobe FlashPlayer to enterprise products like ConnectPro and ColdFusion.
[ SEE: Punditry: Will Microsoft buy flaws? ]
Arkin expects the MAPP initiative to be especially useful during zero-day attacks. Adobe already provides pre-patch mitigation guidance during active attacks and, with this vulnerability sharing move, it adds another layer of protection for end users while the company investigates and creates its patches.
“MAPP was the gold standard for how vendors should be sharing information with security vendors,” Arkin said, noting that it provides a way to get actionable information to security vendors in a familiar template.
