Adobe's director of product security and privacy, Brad Arkin, answers questions about Adobe's safety and security.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
On January 16, 2009, Adobe learned about a vulnerability in Adobe Reader and Acrobat 9 involving the JBIG2 image compression standard. Even though there were reports that the hole was being exploited, it took Adobe nearly two months to issue a patch.
"Our process was not optimized for rapid turn around. It took us longer than we wanted it to," Brad Arkin, director of product security and privacy at Adobe, said in a recent interview with CNET.
That wasn't the only exploit targeting Adobe's PDF reader programs. About 80 percent of new exploits targeted Adobe's Reader and Acrobat in the fourth quarter of 2009, according to ScanSafe. Security experts urged people to avoid using Adobe software because of the problems.
Adobe had begun addressing the security problems the year before (as outlined in a blog post in December 2008 aptly entitled "We care"), but the JBIG2 issue marked a turning point for the company.
"The landscape had really changed and it was very clear to us that we needed to respond," Arkin said.
CNET's Tom Merritt sat down with Arkin to find out exactly what steps the company is taking to address concerns about the security of its products. In the video below Arkin talks about how the company is strengthening the underlying code for its products, responding to bug reports more quickly and moving to offering quarterly updates and automatic updates for Reader.