Proactive efforts

Our proactive approach to the security of your digital media creation and digital marketing efforts extends to every corner of Adobe, from product inception through delivery — and each time you use an Adobe product or service. An integral part of the development of every Adobe product and service, the Adobe Secure Product Lifecycle (SPLC) helps protect the security of your information.

A dedicated team of industry-leading experts in building, deploying, and monitoring secure applications and services, the Adobe Secure Software Engineering Team (ASSET) works with individual Adobe product security and operations teams to help achieve the highest level of security for all Adobe products and services.

 

ASSET experts act as consultants to development teams to advise on security best practices for clear, repeatable, and cross-functional processes for development, deployment, operations, and incident response. The team uses industry-standard benchmarks and reporting dashboards to constantly measure and convey progress in a variety of key areas. ASSET experts also maintain ties with the security community, exchanging information by collaborating with other organizations. 

Adobe Secure Product Lifecycle

Integrated into every stage of the product lifecycle — from design and development to quality assurance, testing, and deployment — the Adobe Secure Product Lifecycle (SPLC) is a rigorous set of more than 80 software development best practices, processes, and tools designed to help keep your information safe when you use Adobe products and services. Implemented by Adobe’s dedicated security and incident response teams and complemented by continuous community engagement, the Adobe SPLC evolves to stay current as technology, security practices, and the threat landscape change.

Best practices, processes, and tools

The Adobe SPLC includes the following:

  1. Security training and certification for all product teams
  2. Product health, risk, and threat landscape analysis
  3. Secure coding guidelines, rules, and analysis
  4. Comprehensive security architecture review and penetration testing
  5. Source code reviews to eliminate known flaws that could lead to vulnerabilities
  6. Code hardening and fuzzing
  7. User-generated content validation
  8. Static and dynamic code analysis
  9. Application and network scanning
  10. Implementation of protected modes and sandboxing
  11. Full readiness review, response plans, and release of developer education materials

ASSET Certification Program

The Adobe Secure Software Engineering Team (ASSET) conducts ongoing security training within development teams to enhance security knowledge throughout the company and improve the overall security of our products and services. Employees participating in the ASSET Certification Program attain different certification levels by completing security projects. The program has four levels, each designated by a colored “belt”: white, green, brown, and black. The white and green levels are achieved by completing computer-based training. The higher brown and black belt levels require hands-on security coding experience. Employees who attain brown and black belts become security champions and experts within their product teams.

 

 

ASSET Certification Program

  1. White — Introduces basic security concepts (for example, ensuring security in web-focused languages, such as Ruby on Rails and PHP)
  2. Green — Builds on basic security topics covered at the white belt level
  3. Brown — Measures, recognizes, and rewards the development of security concepts in Adobe product code (for example, sandboxing)
  4. Black — Recognizes the highest level of hands-on security expertise within Adobe product teams across the company

Your Adobe ID is your key to access most Adobe products and services and participate in the thriving Adobe online community. Protecting this ID is of critical importance to us, and we strive to meet stringent industry best practices for user credential management.

Authentication/authorization

Through strong authentication and authorization processes, we help ensure that only authorized Adobe ID holders can use and access Adobe cloud-based services.  For services using Adobe IDs, Adobe leverages the SHA 256 hash algorithm in combination with password salts and a large number of hash iterations.  As part of Adobe’s commitment to industry best practices, we continually work with our development teams to implement new protections based on evolving authentication standards.

 

 

ADO867-Security-AdobeIDAccounts-v2a

Suspicious activity monitoring

Adobe continually monitors Adobe ID accounts for unusual or anomalous account activity and regularly receives information from trusted third parties, including security partners and customers, about suspicious activity. We use this information to help you quickly mitigate immediate and future threats to the security of your Adobe ID account. What’s more, we provide this information back to our product operation and development teams, helping to improve protections.

Resources

Page tools
Bulletins and advisories Get the latest information about security vulnerabilities
Report an issue Notify Adobe of security issues with an Adobe product or service
Stay up-to-date on security patches Keep your software and computer safe by running the most up-to-date version of your Adobe products
Choose your region    Products   Downloads   Learn & Support   Company

Copyright © 2016 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy | Cookies