Tuesday, May 22, 2012

Adobe Systems, a national security threat?

Slopping coding and software development practices by Adobe Systems has made things easier for China based cyber espionage actors. The number one vector for these intrusions has been carefully crafted e-mails containing malicious attachments or links. And the most commonly targeted vulnerable applications have been Adobe Systems products. Let's look at this a little closer. Below is a table listing the number of high severity vulnerabilities within the National Vulnerability Database for several different products. Adobe product vulnerabilities dominate those of Microsoft Windows. But there are obviously serious issues across the entire software industry which may be a subject for another post.

Year Adobe Adobe Reader Adobe Flash Microsoft Powerpoint Microsoft Windows XP SP3
2012 44 9 0 14 12
2011 166 49 19 57 90
2010 184 63 25 59 62
2009 77 42 33 18 73
2008 34 12 17 11 23
2007 13 3 2 3 3

Looking in further detail, here are the vulnerabilities which have actually been exploited in the wild during the period January, 2011 to today, Adobe Systems vulnerabilities dominate those of Microsoft 7 to 2. This information can be found from searching the National Vulnerability Database for the string "exploited in the wild" and cross correlating with the analysis of virus researchers.



Should software firms be held liable for the losses their bugs impose on customer's? Why are people
still using Adobe products? This points to wider issues of market failure within the software and information security industry which has now caused issues of national security concern to governments world wide.

No comments:

Post a Comment