Operating-system updates often get attention while business applications wait. Adobe’s security bulletin service covers products used for documents, design, publishing and web workflows, and those updates belong in the same governed patch queue.
Start with an accurate inventory of Adobe products and versions. Match it to current bulletins, read affected-version and priority details, and assign the update to an owner. Where a product is business-critical, test the change against essential plug-ins, templates and workflows.
The goal is not to install every update blindly. It is to make application patching visible, time-bound and evidenced. A documented exception with an owner and review date is safer than a silent delay.
Source: https://helpx.adobe.com/security/security-bulletin.html




