I use Photoshop, literally, every single day. I have used it since version 3 when we installed it in the new media lab at Duquesne and it came out on eight 3.14″ floppy disks, before it had layers. I have purchased it, beta’d version 6, and even received a copy of 5.5 last year from Adobe. Like I said, big fan.
So I was disheartened this past week when Adobe announced they had found a security issue in Photoshop CS5.5. The good news: they let everyone know about. The bad news: they wanted people to pay to upgrade at CS6 in order to fix the flaw, which is basically unheard of. From the security bulletin:
Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available.
I could understand if this was a $0.99 app. Photoshop and the Creative Suite is an expensive piece of software. It’s worth every penny, but it’s an expensive upgrade, especially considering that CS5 came out in April, 2011.
The web, unsurprisingly, lost its collective mind about Adobe not issuing a patch for CS5, a product it still claims to support. I saw many tweets, posts and tumbles about it last night and this morning.
Now comes word that Adobe is changing its position and will update CS5 with a patch at an undetermined time. From their blog:
We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.
The good news is that Adobe has seen the error of its ways and will issue a patch. What I wonder is how such a decision was made in the first place. If there has been a security patch for any type of software, operating system or not, it’s always been patched. Heck, even Microsoft says it will issue security patches and other fixes for Windows XP until 2014, and it came out in 2001.
How far up the chain of command did this idea go, and why didn’t someone along the way say “hey, people are going to freak out about this”? Now that we’re firmly in the social age, a company such as Adobe must realize that the word of something like this can spread around the globe in literally seconds.
tl/dr; Adobe will patch Photoshop, but at what cost to its image and reputation?
It doesn’t look like Adobe ever said “We will not fix this for CS5.5.” Take a second read of their original bulletin, which you quoted: ‘We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available.” See? They were already working on it.