Tavis Ormandy and Adobe squabble over Flash bug credit
Adobe patched 13 critical bugs in its nearly-ubiquitous Flash Player on Tuesday, but came under quick criticism from a security engineer who works for Google, a close partner of Adobe.
Although Adobe listed a baker's dozen of bugs fixed in the patched Flash, Google employee Tavis Ormandy took to Twitter to contest that number. "Adobe patched around 400 unique vulnerabilities I had sent them in APSB11-21 as part of an ongoing security audit," Ormandy said on Twitter late Tuesday. "Not a typo."
APSB11-21 is Adobe's designation for the security bulletin that accompanied the revised Flash Player. Ormandy was apparently upset that he was not credited for his bug reports in the bulletin, which while giving a nod to 10 researchers, said of Google and Ormandy only that "Adobe would also like to thank Tavis Ormandy and the Google Chrome team for their great work on several improvements to this Flash Player release."