Adobe Application Security At Adobe, building applications in a “secure by default” manner begins with the Adobe Application Security Stack. Combining clear, repeatable processes based on established research and experience with automation that helps ensure consistent application of security controls, the Adobe Application Security Stack helps improve developer efficiency and minimize the risk of security mistakes. Using tested and pre-approved secure coding blocks that eliminate the need to code commonly used patterns and blocks from scratch, developers can focus on their area of expertise while knowing their code is secure. Together with testing, specialized tooling, and monitoring, the Adobe Application Security Stack helps software developers to create secure code by default. Secure Security Features | Secure-by-Default/Paved Paths Building Blocks Custom Security Static Analysis | Root Cause Analysis | Connecting the Dots Automation Dynamic Analysis | Scalable Testing Framework | Inventory Tools reat Model (Automated) | Soware Composition Analysis Static Analysis | Dynamic Analysis Process Trust Modeling (Manual) | Ticketing | Dashboards Figure 6: The Adobe Application Security Stack Adobe also maintains several published standards covering application security, including those for work specific to our use of Amazon Web Services (AWS) and Microsoft Azure public cloud infrastructure. These standards are available for view upon request. For more information on Adobe application security, please see the Adobe Application Security Overview. 12