Tuesday, April 13, 2010

A Public Process?

I drink from the well that is Google Reader. If you saw my list of feeds, you'd probably question my sanity or time management. Yes, I'm sure I have too many (useless) feeds but every once in a while you find something that really piques your interest.

What piqued my interest recently was a Twitter exchange started a couple of weeks ago between Brad Arkin (Director, Product Security & Privacy for Adobe Systems) and Charlie Miller. Miller has enjoyed ongoing success in CanSecWest's pwn2own competition and has given several interviews recently.

The exchange begins after this, from what I can tell. Brad Arkin gives a recorded presentation on the work that Adobe is doing around software security, and Charlie Miller responds:

"with low expectations like that, I can see why you're so happy."
You can follow the Twitter exchange starting here and ending here. I may be way off base on how this exchange got started but there is one thing that I (a no-name security guy) would like to see come out of it. I want to see Adobe hire Miller to completely break the sh!t out of their products, have Adobe make progress in fixing and improving their software security, and have the results of said engagement shared with the public.

It makes me laugh to imagine teenage-angst-laden diary entries from both sides. So, maybe there would be a time delay in the gritty "details" (read: vulnerabilities) but the result would be something that is rarely shared with the public: (nearly) complete insight into the breaking down and building back up of a large software vendor's product.
