Peleus here. As part of Adobe’s Secure Product Life Cycle (SPLC) efforts, we are always looking ahead to determine the future of the threat landscape. My particular focus is researching threats to Adobe’s Flash Platform products. This week, I will be co-presenting with Jesse Collins from Microsoft’s Silverlight team at the Microsoft BlueHat conference. We will be combining our research so that we can create a more holistic view of the RIA threat landscape. This cooperation is complimentary to what David Lenoe and Jeremy Dallman discussed on the Microsoft SDL blog detailing how Adobe and Microsoft are working together to protect our customers.
As part of the lead up to the presentation, I posted a blog describing some of my research on cross-domain threats. During the conference, I will expand upon this research detailing how improperly combining different types and classifications of cross-domain permissions can lead to increased security risk. The research has already caught the attention of Bryan Sullivan of Microsoft’s SDL team who assists in the development of Microsoft’s cross-domain SDL requirements. I plan to meet up with Bryan at the conference to share ideas on advancing the cross-domain SDL.
One of the advantages of collaborating with the Microsoft Silverlight team is that it allows us to see the overall threat landscape from two different perspectives. A more accurate view increases the ability for all vendors to better protect our customers. The talk will also cover the commonalities and subtle differences between different RIA technologies. Demonstrating the commonalities between platforms makes it easier to communicate risks to developers who may be implementing a mix of technologies. Overall, this has been an interesting process and we will post additional information after the conference.
Follow us on Twitter
- Centralized Security Governance Practices To Help Drive Better Compliance
- SOC 2-Type 2 (Security & Availability) and ISO 27001:2013 Compliance Across All Adobe Enterprise Clouds
- Boldly Leading the Possibilities in Cybersecurity, Risk, and Privacy
- Security Automation Part II: Defining Requirements
- Security Automation for PCI Certification of the Adobe Shared Cloud
Tag Cloudacrobat adobe approved trust list ASSET ASSET Software Security Certification Program AWS black hat Brad Arkin CanSecWest CCF certified document services Compliance conference Data Loss Prevention DefCon digital certificate digital signature digital signatures DLP DRM electronic signature Flash Player Fuzzing incident response LiveCycle Microsoft OWASP PAdES PCI pdf Peleus Uhley protected mode Reader Rights Management RSA RSA Conference SAFECode sandbox sandboxing security Security automation SPLC standards SWF Update women in security