Some scary headlines today… IBM AppScan Takes Aim at Securing Flash, IBM Targets Adobe Flash Vulnerabilities with New Tool, IBM software scans for security holes in Flash, Ajax, IBM’s AppScan tool adds Adobe Flash, SOA scanning.
The headlines seem to overstate the case, but it looks like not all of the information is publicly published yet.
The AppScan minisite links to a PDF, but their press room doesn’t yet seem to have a press release or FAQ which Adobe participated in. My best guess is that there was a press pre-briefing and embargo which wasn’t backed up by the full release of info. Hard to tell, from my position right now.
There are some more informational materials in the pipeline that haven’t made it out yet. I believe the Adobe PSIRT folks will also have info on this whole area of enterprise content-checking. If you get questions about this morning’s press, the best answer may be “Wait just a little for full information to become available, on that useful best-practices validation tool.”
Now, if only we had some way to protect people from vulnerabilities in new headline generation….