These couldn't wait for Patch Tuesday: Adobe issues bonus fixes for 92 security holes in 14 products

A mere two weeks after its most recent set of security patches, Adobe has issued another 14 security bulletins covering 92 CVE-listed bugs. Nonetheless, Adobe's repairs apparently represent planned maintenance rather than an out-of-band release, even though October's Patch Tuesday – the second Tuesday of the month – has come …

  1. Snake Silver badge

    RE: Give it time

    It's time for programmers, including the ones at Adobe, to seriously consider switching to a language with better memory security built-in, rather than expect your fallible humans to remember and then correctly implement protections at every juncture.

    1. Potemkine! Silver badge

      Re: RE: Give it time

      Yes, because working correctly and conscientiously becomes a rarity these days.

      Competent people in Dev become something rare and valuable.

      1. tiggity Silver badge

        Re: RE: Give it time

        .. working correctly & conscientiously usually takes longer, which unfortunately conflicts with the "get that change made yesterday" mentality often imposed on developers.

        But hey, stability, security, that's boring stuff for customers, more features ASAP, comes the cry from above

        1. CommonBloke

          Re: RE: Give it time

          Sounds like you just described the head execs of Unity

    2. Dan 55 Silver badge

      Re: RE: Give it time

      Adobe have been playing whack-a-mole for years across their entire product range. This is not a language problem.

      1. Stuart Castle Silver badge

        Re: RE: Give it time

        I think Adobe need to do something Microsoft did during the XP lifecycle.

        They need to stop adding new features to their suite, and re-evaluate their whole development cycle with a view to reducing exploits. People were finding dozens of vulnerabilities in Microsoft code each week. While Microsoft were patching these, more were being found. So, Microsoft paused all development, then had consultants go through every aspect of the process. This took months, and they even rebooted the development cycle for Vista in the process. The ultimate result is while Microsoft did lose a lot of money doing this, they cut the vulnerabilities found in their products to a fraction of what they were. Not saying any Microsoft product is perfect security-wise, none are, but they are a *lot* better than they were in 2003-2005

        The problem for Adobe is they've switched to a subscription. If they stop updating it, a lot of people are going to wonder what they are paying for if it's not a continually updated product. At least (at that time anyway), Microsoft sold the software, so as long as people got their value from the product after a one-off payment, they didn't give a toss whether it was updated or not.

        1. Anonymous Coward

          Re: Adobe

          You might have thought that after the years of pain that Flash gave them someone would have made a decision to slow things down and get it right first time... Clearly this is not the case.

          The Fragile agitators don't like things going slow. Put it aside and on the list of technical debt. Many of us know that list never gets addressed and even looking at it causes Scrum Managers to have a fit.

          To even propose that this scrum is for maintenance gets you firmly put on the naughty step forever.

          That is the state of development today. I'm so glad that my time is up next May and I can say goodbye to putting out releases that are not fit for ANY purpose other than to tick a few boxes in management. Roll on retirement.

    3. Paul Floyd

      Re: RE: Give it time

      And what language might that be?

      1. Anonymous Coward

        Re: RE: Give it time

        > "better memory security built-in"?

        > And what language might that be?

        Hello from Java, JavaScript, Rust, Lua, Perl. Those are the ones I know, I suspect Python is on that list too. Pretty much anything designed in the last 30 years. Happy to help!

      2. Ken Hagan Gold badge

        Re: RE: Give it time

        C++ is memory-safe and you can migrate incrementally from C. Of course, you do have to know how to use C++ and apparently no-one at Adobe does, otherwise they'd be doing it.

  2. Mike Richards Silver badge

    It's bugs all the way down

    It might be quicker to list all the Adobe code that doesn't require patching.

    1. James O'Shea

      Re: It's bugs all the way down

      That would be a very short list.

  3. Boris the Cockroach Silver badge
    Facepalm

    Buffer overflows

    STILL ? !!!!!!

    Caution: multiple exclamation marks are the sign of a diseased mind

  4. grumpy-old-person

    How is this allowed to continue over decades?

    Large corporations that make many, many billions of dollars out of software that has been known to be dodgy over decades are still at it - how is this possible?

    Rocket science is not required to figure out what is going on here - this is simply ALLOWED to happen and the money keeps rolling in!

    Way past time for action by governments and trade organisations to step in to stop this - but they won't because there is money to be made!

    Use of cheap/free open source software created/maintained by people who really try to make a difference is shunned in favour of expensive swiss-cheese software.

    Open-source is not perfect, but I'm relieved that for the last 15 or so years I have not used Windoze but Linux (with the systemd wart) and very useful open-source software


Biting the hand that feeds IT © 1998–2021