These couldn't wait for Patch Tuesday: Adobe issues bonus fixes for 92 security holes in 14 products A mere two weeks after its most recent set of security patches, Adobe has issued another 14 security bulletins covering 92 CVE-listed bugs. Nonetheless, Adobe's repairs apparently represent planned maintenance rather than an out-of-band release, even though October's Patch Tuesday – the second Tuesday of the month – has come …
.. working correctly & conscientiously usually takes longer, which unfortunately conflicts with the "get that change made yesterday" mentality often imposed on developers.
But hey, stability, security, that's boring stuff for customers, more features ASAP, comes the cry from above
I think Adobe need to do something Microsoft did during the XP lifecycle.
They need to stop adding new features to their suite, and re-evaluate their whole development cycle with a view to reducing exploits. People were finding dozens of vulnerabilities in Microsoft code each week. While Microsoft were patching these, more were being found. So, Microsoft paused all development, then had consultants go through every aspect of the process. This took months, and they even rebooted the development cycle for Vista in the process. The ultimate result is while Microsoft did lose a lot of money doing this, they cut the vulnerabilities found in their products to a fraction of what they were. Not saying any Microsoft product is perfect security-wise, none are, but they are a *lot* better than they were in 2003-2005
The problem for Adobe is they've switched to a subscription. If they stop updating it, a lot of people are going to wonder what they are paying for if it's not a continually updated product. At least (at that time anyway), Microsoft sold the software , so as long as people got their value from the product after a 1 off payment, they didn't give a toss whether it was updated or not.
you might have thought that the years of pain that Flash gave them that someone would have made a decision to slow things down and get it right first time... Clearly this is not the case.
The Fragile agitators don't like things going slow. Put it aside and on the list of technical debt. Many of us know that list never gets addressed and even looking at it causes Scrum Managers to have a fit.
To even propose that this scrum is for maintenance gets you firmly put on the naughty step forever.
That is the state of development today. I'm so glad that my time is up next May and I can say goodbye to putting out releases that a not fit for ANY purpose other than to tick a few boxes in management. Roll on retirement.
Large corporations that make many, many billions of dollars out of software that has been known to be dodgy over decades are still at it - how is this possible?
Rocket science is not required to figure out what is going on here - this is simply ALLOWED to happen and the money keeps roling in!
Way past time for action by governments and trade organisations to step in to stop this - but they won't because there is money to be made!
Use cheap/free open source software created/maintained by people who really try to make a difference is shunned in favour of expensive swiss-cheese software.
Open-source is not perfect, but I'm relieved that for the last 15 or so years I have not used Windoze but Linux (with the systemd wart) and very useful open-source software
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
