It's true that Adobe is getting better at the security game, but they've far from proven themselves. It's also possible that service providers can play some role in forcing users to apply updates, although there's no real sign of that yet.
On Sept. 29, the Common Vulnerabilities and Exposures database celebrates its 10th anniversary of giving researchers, software vendors and developers a tool for identifying and sharing information about security vulnerabilities in software.
A report issued by The SANS Institute finds enterprise security efforts focused on fixing low-priority flaws at the expense of serious application vulnerabilities.
Mozilla has expanded on the plans they acknowledged yesterday to check the version of Flash you are running to make sure that it's not outdated.
Microsoft has released 5 security bulletins for Windows and updates to address the 8 vulnerabilities described in them. All 5 bulletins have a maximum severity rating of "critical," but some Windows versions are affected more severely than others. The recently announced vulnerability in the IIS FTP service is not addressed, nor is this morning's new SMB2 vulnerability.
Researchers at Fortify Software have compiled a list of the most common vulnerabilities found in PHP code. Here is what they found, and some advice on what developers can do about it.
Apple has released Safari 4.0.3 on both Mac and Windows to address a series of vulnerabilities in previous versions.
Researchers in Finland have found a series of flaws in the eXtensible Markup Language (XML) libraries that could pose a serious security risk.
Two days after disclosing two vulnerabilities that had been fixed in Firefox 3.5 (which had been released weeks before), Mozilla has disclosed 4 more vulnerabilities, 2 of them critical, and released new versions of Firefox to address them.