In March, I dinged Adobe for its handling of a zero-day. It seems its customers must have been putting on the pressure, as well, according to this Adobe blog post the company is going to be focusing on hardening its legacy code, improve its response time to zero-day and vulnerability discoveries, and provide a more consistent patch publishing schedule:
Since February, Adobe Reader and Acrobat engineers have been executing a major project focused on software security. Everything from our security team's communications during an incident to our security update process to the code itself has been carefully reviewed. Security is an ongoing process, so while we believe our plan will eliminate or mitigate many potential security risks, we are also working to enhance our ability to respond to externally found vulnerabilities in Adobe Reader and Acrobat in the future.
In particular, we have focused this security effort in three major areas: