Peleus here. As part of Adobe’s Secure Product Life Cycle (SPLC) efforts, we are always looking ahead to determine the future of the threat landscape. My particular focus is researching threats to Adobe’s Flash Platform products. This week, I will be co-presenting with Jesse Collins from Microsoft’s Silverlight team at the Microsoft BlueHat conference. We will be combining our research so that we can create a more holistic view of the RIA threat landscape. This cooperation is complimentary to what David Lenoe and Jeremy Dallman discussed on the Microsoft SDL blog detailing how Adobe and Microsoft are working together to protect our customers.
As part of the lead up to the presentation, I posted a blog describing some of my research on cross-domain threats. During the conference, I will expand upon this research detailing how improperly combining different types and classifications of cross-domain permissions can lead to increased security risk. The research has already caught the attention of Bryan Sullivan of Microsoft’s SDL team who assists in the development of Microsoft’s cross-domain SDL requirements. I plan to meet up with Bryan at the conference to share ideas on advancing the cross-domain SDL.
One of the advantages of collaborating with the Microsoft Silverlight team is that it allows us to see the overall threat landscape from two different perspectives. A more accurate view increases the ability for all vendors to better protect our customers. The talk will also cover the commonalities and subtle differences between different RIA technologies. Demonstrating the commonalities between platforms makes it easier to communicate risks to developers who may be implementing a mix of technologies. Overall, this has been an interesting process and we will post additional information after the conference.
Follow us on Twitter
- Compliance Update: Adobe Marketing Cloud Achieves New Certifications
- Applying the SANS Cybersecurity Engineering Graduate Certification to Adobe’s Secure Product Lifecycle (part 2 of 2)
- Join Our Security Team at OWASP AppSec California 2016
- Community Collaboration Enhances Flash
- Better Security Through Automation
Tag CloudAATL acrobat adobe approved trust list Android ASSET ASSET Software Security Certification Program black hat Brad Arkin CanSecWest cds certified document services Compliance conference Data Loss Prevention DefCon digital certificate digital signature digital signatures DLP DRM electronic signature esignature event Flash Player Fuzzing incident response LiveCycle Mac Microsoft PAdES PCI pdf Peleus Uhley PKI protected mode Reader Rights Management RSA SAFECode sandbox security SPLC SWF Update video