The Adobe Secure Product Lifecycle (SPLC)
Integrated into several stages of the product lifecycle—from design and development to quality assurance, testing, and deployment— the Adobe Secure Product Lifecycle (SPLC) is the foundation of security at Adobe. A rigorous set of several hundred specific security activities spanning software development practices, processes, and tools, the Adobe SPLC defines clear, repeatable processes to help our development teams build security into our products and services and continuously evolves to incorporate the latest industry best practices. Adobe security researchers provide full SPLC guidance for our products and services based on an assessment of potential security issues. Complemented by continuous community engagement, the Adobe SPLC evolves to stay current as changes occur in technology, security practices, and the threat landscape.
The Adobe SPLC is organized into four key areas reflecting the full design, development, deployment, and ongoing operational lifecycle of Adobe products and services. SPLC controls include service roadmaps, security tools, and testing methods that guide the security team to help address the Open Web Application Security Project (OWASP) Top 10 most critical application security flaws and CWE/SANS Top 25 most dangerous software errors.