Brad Arkin on Adobe's vulnerability disclosure policy, Group-IB claims

Date: Apr 17, 2013

SAN FRANCISCO -- In November 2012, Russian cybercrime investigation firm Group-IB made waves when it disclosed a potentially devastating zero-day exploit in Adobe Systems Inc.'s Reader X software that could have allowed attackers to bypass its built-in application sandbox capabilities.

According to Brad Arkin, senior director of product security at Adobe, the problem with Group-IB's disclosure is that it wasn't based in fact. Despite repeated efforts on Adobe's part to work with Group-IB to validate the claims, Arkin says the company was never able to substantiate them.

In this video, recorded at the 2013 RSA Conference, Arkin details Adobe's stance on vulnerability disclosure policy and the importance of establishing lines of communication with exploit developers and researchers. He explains how Adobe handles every vulnerability disclosure from an outside party with care and is willing to work with anyone who wants to help secure Adobe's customers. He also discusses the vulnerability research presented at hacking contests like Pwn2Own, and the effect that nation-state cyberespionage has on software security.

