Adobe considering monthly update cycle

Stephen Withers
Wednesday, 26 May 2010 10:04

Business IT - Security

Will Adobe align its security update release cycle more closely with Microsoft's?

Adobe currently releases patches for its 'mass market' applications on a quarterly schedule, but monthly updates are under consideration.

"Why do people attack Adobe software? Because that's where the users are,"  observed Brad Arkin, Adobe's director of product security and privacy. Flash or Reader are installed on some 98% of desktops and on many devices. They provide relatively complex functionality, so present a big attack surface.

Adding to the challenge, the company still keeps Flash running on Windows 98, even though that is no longer supported by Microsoft. And even though Shockwave Player has a very old and fragile code base, a lot of work is still being done to improve its security.

"Every person at Adobe is aware of how important security is to the user base," said Arkin. "Security is definitely the head seat at the table these days," he added.

April's introduction of the new updater for Acrobat and Reader for all users (it was present in an earlier update but only enabled for a selected test users) has proved "a tremendous success so far" in that it led to a four or five times faster uptake of the new version, said Arkin.

CONTINUED