Damon Cooper's BLOG
September 28, 2004
Going Through Security
It's that time again in the development cycle when we gather up our wares and bring in the pros to take the product apart, turn it inside out and upside down, and perform the first Product Security Audit of the Blackstone release.

More will follow as we continue past milestones and freezes, but the first one is always where I reflect a bit on past releases, Security Bulletins, coding and QA practices, and do some self-examination about whether we've done enough to help ensure product and customer safety.

My father worked at International Nickel Company (INCO) in Sudbury, Ontario, Canada, and I remember a "take the family to work" day, when we got to see the giant machines and processes in place to turn ore into precious metal. I remember the larger-than-life bright yellow and orange warning signs everywhere, the safety stats posted for each work area, and the "SAFETY FIRST" signs everywhere.

Today, I think many software companies would do well to place similar signs around their workplace to help keep everyone reminded of their priorities, their responsibility to customers, and the dangerous place the world has become, where our products can be all that stands between customers and those who would harm them.

We've had a hard look at the vulnerabilities that we've had to patch, and while we've improved dramatically in the past few years in terms of our processes, priorities, responsiveness and quality, we can always do more. We're working very hard this release, and spending a very considerable sum, to help ensure that the ColdFusion Blackstone release is the most secure release ever.

Be sure to visit the Macromedia Security Zone and sign up for automatic Security Bulletin notifications if you haven't already, and we'll notify you if there's a product-related security issue or patch you need to know about ASAP.

Welcome aboard! It wouldn't hurt to have security bulletins published as RSS also -- that way we could add alerts to aggregators like Fullasagoog (http://www.fullasagoog.com/) and increase awareness.

Great idea. I'll pass this along. Thanks for the suggestion!

It turns out we do feed Security Bulletins out via the Macromedia product notifications RSS feed here: http://markme.com/notifications/

Subscribe to the individual product feeds you're interested in/own from that link and you should be covered!