Adobe fix another big bug

August 6, 2010

It seems that the attack on middleware applications to access the operating system continues as Adobe is set to fix another big hole in their Acrobat and Reader software.

This out-of-band release [http://www.adobe.com/support/security/bulletins/apsb10-17.html]  is set to occur on October 21, 2010.

It was also an Adobe product that led to Apple being blamed, unfairly, for a recent security breach.

The Problem (in my opinion)

These attacks simple raise question against all software vendors.  Microsoft has been slated over the years for writing insecure software both at the operating system and application level.  To be fair Microsoft only tried to improve the user experience but with a seemingly naive approach as they did not take into account the huge success of the internet.

The other issue that compounds this problem is development speed.  Each vendor is rushing to jump the competitor in feature releases without fully assessing the risk and I think Adobe has become a victim of this poor testing cycle by fixing one problem and testing only that issue.

However the bigger issue is that the internet population seems to happily accept this lax approach to software development.  Consumers are happy to accept a product that does not meet the standard provided it allow them to achieve their short term goal.  Take the iPhone 4. This product clearly fell short of expectations but to what degree.  People still purchased it in its millions because whilst issues exist with the signal strength, its primary function is not used as a phone but an all encompassing communication device – either via text or Facebook/Twitter/etc.

Ironically, Nokia has become victim to the stringent software development approach.  The strict testing cycle resulted in a solid performing device that very rarely goes wrong.  But getting innovation to market has become its Achilles heel as it gets passed by far eastern manufactures.

Either way this situation is not going to improve soon as short term revenue is more important than long term safety.