One of the selling points we make about corporate blogging is that it gives the company a chance to tell its story.  My post from Tuesday gave credit to software vendor Aurigma for using its blog to discuss a recently found vulnerability its Image Uploader ActiveX control.

Today, there is news that Adobe is shipping an update to it's freely distributed Reader product, and it provides an interesting contrast with Aurigma.  Quoting an article from computer trade publication InfoWorld:
Users are urged to upgrade to version 8.1.2, available for download on Adobe's Web site.
Adobe has not given out details of the vulnerabilities, even though the company has a section on its Web site detailing security advisories for Reader.
At least for now, Adobe has chosen to not tell its story about this problem.  Reading further on down in the article:
That could indicate that the vulnerabilities are fairly serious and could result in a compromised PC, said Thomas Kristensen, chief technical officer for Secunia, a security vendor in Denmark.

Secunia is performing a binary analysis of the old and new versions of Reader to figure out the vulnerabilities. However, that analysis takes one to three days, Kristensen said.

This reinforces the flipside of the storytelling argument.  If you don't tell your story, someone else will.  It could be a severe issue, or it could be trivial.  What Adobe is risking by nondisclosure is the loss of customer trust.  As PDF has grown from a platform agnostic, appearance preserving format into a more feature rich medium that provides interactivity and scripting, it has become a target for malicious coders.

If Adobe fritters away it's trust, it's current boom might fade into history.