Brad Arkin on Adobe's vulnerability disclosure policy, Group-IB claims

Date: Apr 17, 2013

SAN FRANCISCO -- In November 2012, Russian cybercrime investigation firm Group-IB made waves when it disclosed a potentially devastating zero-day exploit in Adobe Systems Inc.'s Reader X software that could have allowed attackers to bypass its built-in application sandbox capabilities.

According to Brad Arkin, senior director of product security at Adobe, the problem with Group-IB's disclosure is that it wasn't based in fact. Despite repeated efforts on Adobe's part to work with Group-IB to validate the claims, Arkin says the company was never able to substantiate them.

In this video, recorded at the 2013 RSA Conference, Arkin details Adobe's stance on vulnerability disclosure policy and the importance of establishing lines of communication with exploit developers and researchers. He explains that Adobe handles every vulnerability disclosure from an outside party with care and is willing to work with anyone who wants to help secure Adobe's customers. He also discusses the vulnerability research presented at hacking contests like Pwn2Own, and the effect that nation-state cyberespionage has on software security.
