iTWire - Can delaying the release of updates improve security?

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Can delaying the release of updates improve security?

Can delaying the release of updates improve security?

E-mail

by Stephen Withers
Monday, 25 May 2009
Adobe is planning to switch to a quarterly security update cycle. Does that make you feel more or less secure? Featured Whitepaper 5 Best Practices for Smartphone Support My reaction to Adobe's security effort is mixed. Indeed, two of the three prongs seem to be at odds with each other. The work to make products more secure is of course welcome, and it's good to hear that modern processes are being applied to old code - notably in the area of input validation. If you make sure that all inputs are well-formed before doing any processing, it becomes much harder to feed malformed data to a function with the goal of causing an overflow or other error condition. The company is also aiming to respond more rapidly to 'incidents', including the simultaneous release of patches for more versions of the affected software. But this is where the message seems to be at cross purposes. Adobe has also announced that it will soon switch from making patches available as soon as they are ready to a quarterly cycle. I can understand the decision to align release dates with Microsoft's Patch Tuesday so enterprise users can test and apply patches from both companies at the same time, but it seems strange to delay the release of updates for - potentially - months rather than weeks, as would be the case with a monthly cycle. But generally speaking, corporate PCs seem less likely to be the ones spewing out spam under the influence of malware. If the spam headers I receive are anything to go by, that seems to be largely the domain of privately owned computers. So why make a change to suit the part of the market that's not the biggest part of the problem? (Perhaps it has something to do with highly targeted attacks on executives, using documents names specifically to tempt them?) Being widely used, Adobe's software is an obvious target for the Bad Guys, so we really don't want to wait longer than absolutely necessary for updates whenever a new vulnerability is discovered. Tags See All Tags Adobe Exploit Microsoft Patch Patch Tuesday Patches Security Software Stephen Withers Update Updates Vulnerability Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Heathrow Airport Terminal 5 Live with Progress Software

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

...Promote your press-releases here

Latest jobs

Business Analyst (M15)
VBA Access Excel Developer - CBD - Banking - Employer of Choice (S16)
Vignette Developers / Analyst Programmers - CBD - Finance (S16)
Senior Network Engineer (S24)
Systems Engineer - Java/Weblogic
Senior Systems/Business Analyst
Project Manager
Designers - Data Networks
Web Developer
IT Technical Support Manager

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking