Recent industry-wide security issues, in open-source software in particular, have energized companies to revisit their playbooks and processes for handling these types of issues. This is especially true now that vulnerabilities are now affecting software libraries that are used broadly to perform very common, basic service functions. Compound this with the fact that the situations around these vulnerabilities can change by the day or even the hour – resulting in a unique level of both visibility and complexity for any in our industry affected. For the industry in general, such broadly applicable incidents are relatively new – and we are all adapting to how we deal with and help mitigate them moving forward.
Standard security practices need to be revisited regularly to adapt to these broader potential issues. These types of vulnerabilities can impact many applications and services – and are also often too new to be flagged by widely used commercial scanning tools. You need to mobilize the entire company to effectively deal with these issues and properly manage customer expectations. Mike Mellor will share best practices Adobe has learned to help enhance our own playbooks to better deal with the evolving complexity and scope of industry-wide vulnerabilities. He will provide guidance and best practices that can be valuable as we work together as an industry to get better at managing and mitigating similar incidents in the future.