Product Security
 

Building stronger security into everything we do.


We've created clear, repeatable processes based on established research on common security issues, including the OWASP Top 10 and CWE/SANS Top 25 security issue lists, combined with automation that helps ensure consistent applciation of security controls.

Learn about our ongoing efforts.

Better detection and prevention rules

How we do it.

Our product and service organizations use the Adobe Secure Product Lifecycle (SPLC) process. This is a set of several hundred rigorous security activities spanning software development practices, processes, and tools that continuously evolves to incorporate the latest industry best practices. The Adobe SPLC is integrated into several stages of the product lifecycle, from design and development to quality assurance, testing, and deployment. 

Detection and prosecution

Dedicated security researchers.

A dedicated team of industry experts in building, deploying, and monitoring secure applications and services, the Adobe Secure Software Engineering Team (ASSET) works to help achieve the highest level of security for Adobe products and services. These experts consult with our development teams to help them constantly evolve our security efforts across all solutions. 

Preventing product fraud

Support within product teams.

Adobe maintains a robust program of “security champions” — developers and managers embedded within development teams who help implement the SPLC for their products. Security champions are part of our extended security team and work with our core security researchers to improve both their knowledge and the security of our products. 

Fraud education

Always learning.

The Adobe Security Certification and Security Awareness programs offer ongoing training to enhance security knowledge throughout the company. The programs provide a foundation for everyone at Adobe to understand security fundamentals, and serve as a path for individuals who want to become security leaders within their product teams. 

Read our white paper

Resources

Adobe secure engineering overview

Adobe has invested significant human and financial resources in creating security processes and practices that adhere to industry standards. We rely on a combination of training, guidance of experts, and automation of as many processes as possible to enhance security and help reduce human error. This white paper describes the evolution of Adobe’s strategy and philosophy around security practices during product and service engineering.


Building a security culture

Adobe believes that every data action or interaction should be conducted through a lens of security to help ensure the safety, privacy, and availability of our customers' data. To achieve this goal, we've created a culture of security that permeates our company, and that helps foster better security across all our products and services. Find out more about the programs and policies we've put in place.