Reflecting on RECON2011:

Last week I got a chance to travel to Montreal to attend the RECON2011 conference. In my last blog post I talked about this conference being among the best for deep technical security information. I am glad to report that’s still the case. There were talks on all aspects of reverse engineering, multiple operating system internals, and other complex security topics.The conference is run as one track, packed with technical presentations on relevant security topics.  This is a great plus for our security staff that are always continuously looking to improve Adobe products security.   

 The other plus is that the number of technical experts in one room creates a great opportunity for us to engage in valuable security-related conversations. Here at Adobe, listening to the feedback and input from the security community is a critical aspect of our overall security strategy. We are always eager to hear people’s thoughts on the strengths and weaknesses of our efforts.  At RECON2011, we had the opportunity to talk with many in the security community about our activities, and I am happy to say that most seemed to feel that we are on the right track but are not done yet.  This is something we recognize.  We understand that security is more like a marathon versus a sprint. So there is always more good work that can be done, especially as the threat landscape is constantly evolving. This conference allowed us to collect some great feedback and we will we be bringing that feedback in-house to evaluate and put to use.  One example of a valuable piece of feedback was to continue to innovate on our sandbox initiative. Sandbox has been great for the Reader 10 user base and continual improvement can only make things better.

 

Until next time,

 Steve “Capn Steve” Adegbite