Adobe strives to ensure that our incident response, mitigation, and resolution process is nimble and accurate. We continuously monitor the threat landscape, share knowledge with security experts around the world, swiftly resolve incidents when they occur, and feed this information back to our development teams to help ensure the highest levels of security for all Adobe products and services.
When an incident occurs with an Adobe product or service, the Adobe incident response team works with Adobe development teams to identify, mitigate, and resolve the issue as quickly as possible using the following proven process:
For Adobe cloud-based services, we centralize incident response and decision-making, issue detection, and external monitoring in our Security Coordination Center, providing cross-functional consistency and fast resolution of issues.
The incident response process also includes the following ongoing proactive efforts to minimize threats and vulnerabilities within our products and services:
Adobe continuously monitors the threat landscape and invests in primary security research and telemetry information to ensure fast response to threats that target our products, services, or the Adobe cloud infrastructure.
Adobe works with email and cloud platform providers, customers, researchers, and partners to exchange information about potential threats and vulnerabilities. As new threats emerge, we share this intelligence across Adobe product teams in order to mitigate these threats and adapt our processes accordingly, enabling us to develop stronger security capabilities in all Adobe products and services.
We have established a priority rating system for all incidents so Adobe customers can implement the most appropriate security response for their needs within their specific organizations.
Our partnership with the Microsoft Active Protections Program (MAPP) is a supplement to the Adobe incident response process for desktop software. MAPP facilitates advance information sharing of product vulnerabilities with security software providers, such as antivirus and intrusion detection and prevention vendors, helping them reduce the risk of malicious coders exploiting the vulnerability.
When incidents that require customer attention occur, Adobe has a proven system across our products and services to alert you.
Adobe encourages customers, security professionals, and other members of the security community to report new vulnerabilities and incidents directly to us for swift and appropriate resolution. If you think you’ve discovered a potential vulnerability in an Adobe software product or service, use our feedback web form or send an email to PSIRT@adobe.com.