The Common Control Framework (CCF) by Adobe is the cornerstone of our company-wide compliance strategy. It is a comprehensive set of simple control requirements, rationalized from the alphabet soup of several different industry information security and privacy standards.
Adobe has an established footprint on Amazon Web Services (AWS). It started in 2008 with Managed Services, and expanded greatly with the launch of Creative Cloud in 2012 and the migration of Business Catalyst to AWS in 2013.
A centralized application security team, similar to ours here at Adobe, can be the key to driving the security vision of the company. It helps implement the Secure Product Lifecycle (SPLC) and provide security expertise within the organization.
If you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4 with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption (JWE) Invalid Curve Attack.
Hacker Village was introduced at Adobe Tech Summit in 2015. The Hacker Village was designed to provide hands-on, interactive learning about common security attacks that could target Adobe systems and services.
In previous blogs [1],[2], we discussed alternatives for creating a large-scale automation framework if you don’t have the resources for a multi-month development project.
Adobe CCF has helped us achieve several security compliance goals and meet regulatory requirements across various products and solutions. In addition, we have also achieved SOX 404 compliance across our financial functions to further support our governance efforts.
Every security engineer wants to build the big security automation framework for the challenge of designing something with complexity. Building those big projects have their set of challenges.
Software engineering is a unique and exciting profession. Engineers must employ continuous learning habits in order to keep up with constantly morphing software ecosystem.
IT Asset Management (ITAM) is the complete and accurate inventory, ownership and governance of IT assets. ITAM is an essential and often required stipulation of an organization’s ability to implement baseline security practices and become compliant with rigorous industry standards.
By now, most of us know that the email from the Nigerian prince offering us large sums of money in return for our help to get the money out of Nigeria is a scam. We also recognize that the same goes for the email from our bank that is laden with spelling errors.
This is the first of a multi-part series on security automation. This blog will focus on high-level design considerations. The next blog will focus on technical design considerations for building security automation.
Click here to read this article.