14 DAY TRIAL // While Microsoft and Adobe are at each other's throat with technologies such as Flash and Silverlight, the two companies can also find common ground for collaboration. Essentially, they have partnered over delivering a higher level of security to their customers, revealed Jeremy Dallman, security program manager, Security Development Lifecycle Team, and David Lenoe, group program manager, Adobe Secure Software Engineering Team (ASSET). The former explained that the joint efforts had been debuted a couple of years back, and were designed to focus on the same range of security goals as a team rather than as separate entities.
“Our security teams have since been working closely together with the clear goal of protecting our mutual customers. This collaborative relationship enables faster implementations of security protection through the lifecycle processes both companies offer (Microsoft’s Security Development Lifecycle - SDL, Adobe’s Secure Product LifeCycle - SPLC), and allows us to share best practices learned over the years. In turn, each company learns about new ways to apply their respective lifecycle plan, thereby helping to provide our customers with a more secure computing environment,” Dallman explained.
One aspect of the partnership between the two companies involves a closer collaboration across all their security efforts, especially those focused on discovering and addressing vulnerabilities. The duo has benefited from the bridging of the Microsoft Security Response Center (MSRC), Microsoft Vulnerability Research (MSVR) program, the Microsoft Security Research and Defense team, with the Adobe Product Security Incident Response Team (PSIRT) and Adobe Secure Software Engineering Team (ASSET).
But the joint efforts span well beyond tackling vulnerabilities. Dallman indicated that Adobe even adopted the !exploitable Crash Analyzer - MSEC Debugger Extensions for its security testing, and implemented proactive engineering protections. The two companies also worked together when authoring the Microsoft Security Intelligence Report in which they described vulnerabilities affecting both Microsoft and Adobe products.
“Through the last couple of years we have had conversations about defining and implementing security requirements, prioritizing security risk, threat modeling, the benefits of compiler/linker flag protections, fuzzing, and penetration testing. We’ve even shared data on security incidents and response,” Dallman added. “We consider the collaboration between Microsoft and Adobe to be a great success for both companies. We look forward to continuing to work together and discovering new and better ways that we can protect both Microsoft and Adobe customers in the future.”