
Brad Arkin: Fixing vulnerabilities won't thwart hackers

posted on June 5, 2013
by l33tdawg

For commercial software coders looking to thwart cybercriminals, finding and fixing vulnerabilities is all well and good. In reality, though, that approach to product security can be a colossal waste of time and resources, according to Adobe's Brad Arkin. What really makes a difference is mitigation.

“A lot of people pursue a strategy based on dogma, which is not necessarily based on the facts,” explained Brad Arkin, Adobe's chief security officer, speaking at May’s Security Development Conference in San Francisco. “This idea that we make software more secure by finding and fixing all of the vulnerabilities in the code is a distraction that’s not correlated with making people safer.”

He said that clients often think locating vulnerabilities is just like spell checking – but the reality is far more complex. “I was in a meeting in 2010 with the CIO of one of the biggest banks in the world, and he wanted to know, ‘can’t you just look at it and fix it?’” Arkin said. “I had to explain that it’s tens of millions of lines of code and you can’t just ‘look at it.’”
