SoylentNews

takyon [soylentnews.org] writes:

Adobe is showing that it can be transparent about its security practices [arstechnica.com]:

Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account—both the public and the private keys. The keys have since been taken down [adobe.com], and a new public key [adobe.com] has been posted in its stead.

The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen:

Oh shit Adobe pic.twitter.com/7rDL3LWVVz [twitter.com]
— Juho Nurminen (@jupenur) September 22, 2017 [twitter.com]

Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account.

Also at The Register [theregister.co.uk] and Wccftech [wccftech.com].

Original Submission