On January 16, 2009, Adobe learned about a vulnerability in Adobe Reader and Acrobat 9 involving the JBIG2 image compression standard. Even though there were reports that the hole was being exploited, it took Adobe nearly two months to.
"Our process was not optimized for rapid turn around. It took us longer than we wanted it to," Brad Arkin, director of product security and privacy at Adobe, said in a recent interview with CNET.
That wasn't the only exploit targeting Adobe's PDF reader programs. About 80 percent of new exploits targeted Adobe's Reader and Acrobat in the fourth quarter of 2009, according to ScanSafe.to avoid using Adobe software because of the problems.
Adobe had begun addressing the security problems the year before (as outlined in a blog post in December 2008 aptly entitled "We care"), but the JBIG2 issue marked a turning point for the company.
"The landscape had really changed and it was very clear to us that we needed to respond," Arkin said.
CNET's Tom Merritt sat down with Arkin to find out exactly what steps the company is taking to address concerns about the security of its products. In the video below Arkin talks about how the company is strengthening the underlying code for its products, responding to bug reports more quickly and moving to offering quarterly updates and automatic updates for Reader.