Incident response

Adobe strives to ensure that our incident response, mitigation, and resolution process is nimble and accurate. We continuously monitor the threat landscape, share knowledge with security experts around the world, swiftly resolve incidents when they occur, and feed this information back to our development teams to help ensure the highest levels of security for all Adobe products and services.

When an incident occurs with an Adobe product or service, the Adobe incident response team works with Adobe development teams to identify, mitigate, and resolve the issue as quickly as possible using the following proven process:

  1. Assess the status of the vulnerability
  2. Mitigate risk in production services
  3. Quarantine, investigate, and destroy compromised nodes (cloud-based services only)
  4. Develop a fix for the vulnerability
  5. Deploy the fix to contain the problem
  6. Monitor activity and confirm resolution

For Adobe cloud-based services, we centralize incident response and decision-making, issue detection, and external monitoring in our Security Coordination Center, providing cross-functional consistency and fast resolution of issues.

 

The incident response process also includes the following ongoing proactive efforts to minimize threats and vulnerabilities within our products and services:

Threat landscape monitoring

Adobe continuously monitors the threat landscape and invests in primary security research and telemetry information to ensure fast response to threats that target our products, services, or the Adobe cloud infrastructure.

Intelligence sharing

Adobe works with email and cloud platform providers, customers, researchers, and partners to exchange information about potential threats and vulnerabilities. As new threats emerge, we share this intelligence across Adobe product teams in order to mitigate these threats and adapt our processes accordingly, enabling us to develop stronger security capabilities in all Adobe products and services.

Update prioritization for desktop software

We have established a priority rating system for all incidents so Adobe customers can implement the most appropriate security response for their needs within their specific organizations.

MAPP partnership

Our partnership with the Microsoft Active Protections Program (MAPP) is a supplement to the Adobe incident response process for desktop software. MAPP facilitates advance information sharing of product vulnerabilities with security software providers, such as antivirus and intrusion detection and prevention vendors, helping them reduce the risk of malicious coders exploiting the vulnerability.

 

Security alerts

When incidents that require customer attention occur, Adobe has a proven system across our products and services to alert you.  

Security bulletins and advisories

Latest patches and updates

Reporting issues

Adobe encourages customers, security professionals, and other members of the security community to report new vulnerabilities and incidents directly to us for swift and appropriate resolution. If you think you’ve discovered a potential vulnerability in an Adobe software product or service, use our feedback web form or send an email to [email protected].

 

 

 

Resources

Page tools
Bulletins and advisories Get the latest information about security vulnerabilities
Report an issue Notify Adobe of security issues with an Adobe product or service
Stay up-to-date on security patches Keep your software and computer safe by running the most up-to-date version of your Adobe products
Choose your region    Products   Downloads   Learn & Support   Company

Copyright © 2016 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy | Cookies