News Item

Adobe Calls For Defensive Approach In Security Research

By: Kelly Jackson Higgins, Dark Reading

CANCUN, MEXICO -- Kaspersky Security Analyst Summit 2012 -- Adobe Software's product security executive here today urged security researchers to consider focusing on coming up with defensive strategies for stopping attacks rather than just on finding new offensive attacks.

Brad Arkin, senior director of security for Adobe products and services, says Adobe's goal is not to address each and every vulnerability that's discovered in its software, but instead to build mitigations that drive up the cost of writing exploits: "It's how to drive up the cost [for attackers] to write exploits, versus making the [Adobe] software perfect," he said here on the first day of the Kaspersky Security Analyst Summit.

Offensive security research does the reverse, sometimes making it easier for potential attackers: Offensive research actually drives down the cost for attackers, he said. "The skill of writing something first is very high, but the cost to adapt a proven [attack] is a lot easier to do," Arkin said.

Read more...