Security lessons from Adobe Reader

Adobe announced another security improvement to Adobe Reader last week: a "sandbox" for the Windows version that will help prevent malicious PDFs taking over users' computers.

On Patch Monday this week Brad Arkin, Adobe's head of product security and privacy, explains why the company chose to implement a sandbox, what threats it will and won't counter, and how the company went about this massive programming task.

The sandbox is yet another result of Adobe adopting a process based on Microsoft's Security Development Lifecycle (SDL). David Ladd, who leads the team at Microsoft that developed the SDL, introduces us to the Simplified Implementation of the Microsoft SDL, a free 17-page guide that any developer can use — whether they're large or small, and whether they're developing for Windows or another platform.

Patch Monday also includes Stilgherrian's random look at some of the week's IT news headlines.

To leave an audio comment for Patch Monday, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 26 minutes, 8 seconds

Stilgherrian spoke with David Ladd at Microsoft's Trustworthy Computing Tour. He travelled to Redmond, Washington, as a guest of Microsoft.