Open Source Common Controls Framework (CCF) v3.0 Now Available

Introducing Tripod: an Open Source Machine Learning Tool

The Human Element and Security Awareness

Adobe & Splunk CTF Competition

A hallmark of an engaged team is continuous learning and improvement. And this is no different for a SOC (Security Operations Center) team.

How Adobe Helps Protect You from Email Phishing

Email has always been a tool of choice for cybercriminals. By capitalizing on an established company’s brand reputation, they can send emails with malicious intent (links, attachments, phishing, etc.) and trick people

The Impact of Public Policy on Cybersecurity

Public policy has been joined at the hip with cybersecurity in some shape, form or fashion for a while now. Whether it’s been efforts to increase information sharing between businesses and government agencies,

Introducing HubbleStack

Hello! My name is Colton Myers and I am the co-creator and architect of HubbleStack, an open-source security compliance project written in Python.

ReproNow: Triage Assistant

Bug bounty programs (i.e., crowdsourced security) can bring a lot of benefits. Organizations are able to leverage talent from all over the world while bug hunters can get compensated for submitting bugs and

Leveraging Security Headers for Better Web App Security

Modern browsers support quite a few HTTP headers that provide an additional layer in any defense-in-depth strategy. If present in an HTTP response, these headers enable compatible browsers to enforce certain security properties.

OWASP, IR, ML, and Internal Bug Bounties

A few weeks ago, I traveled to the OWASP Summit located just outside of London. The OWASP Summit is not a conference. It is a remote offsite event for OWASP leaders and the community to brainstorm on how to improve OWASP.

Lessons Learned from Improving Transport Layer Security (TLS) at Adobe

Transport Layer Security (TLS) is the foundation of security on the internet. As our team evolved from a primarily consultative role to solve problems for the entire company, we chose TLS as one of the areas to improve.

Getting Secrets Out of Source Code

Secrets are valuable information targeted by attackers to get access to your system and data. Secrets can be encryption keys, passwords, private keys, AWS secrets, OAuth tokens, JWT tokens, Slack tokens, API secrets, and so on.

Adobe Releases Common Control Framework (CCF) as Open Source

The Common Control Framework (CCF) by Adobe is the cornerstone of our company-wide compliance strategy. It is a comprehensive set of simple control requirements, rationalized from the alphabet soup of several different industry information security and privacy standards.

Developing an Amazon Web Services (AWS) Security Standard

Adobe has an established footprint on Amazon Web Services (AWS). It started in 2008 with Managed Services, and expanded greatly with the launch of Creative Cloud in 2012 and the migration of Business Catalyst to AWS in 2013.

Evolving an Application Security Team

A centralized application security team, similar to ours here at Adobe, can be the key to driving the security vision of the company. It helps implement the Secure Product Lifecycle (SPLC) and provide security expertise within the organization. 

Critical Vulnerability Uncovered in JSON Encryption

If you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4 with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption (JWE) Invalid Curve Attack.

Building Better Security Takes a Village

Hacker Village was introduced at Adobe Tech Summit in 2015. The Hacker Village was designed to provide hands-on, interactive learning about common security attacks that could target Adobe systems and services.