A Vendor Perspective on Crowd Sourced Penetration Tests

Bug bounties, also known as crowd sourced penetration tests, are becoming increasingly popular. New programs are announced every month. At NullCon this year, there was an entire track dedicated to the topic where vendors and researchers could meet. For a security researcher, there are a ton of options for participating ranging from the self-run programs, such as Google’s, to participating on consolidated platforms like BugCrowd and HackerOne. However, for the vendor, the path into bug bounties can be somewhat complex and the most significant benefits are not always obvious. Here are some tips on how to get more from your bug bounty.
You should pick a team that has gone through several traditional penetration tests and where the ROI from those tests is trending down. If traditional consultants are still finding numerous bugs and architectural issues, your time and money would be better spent addressing the known issues and strengthening the architecture. Testing against a more mature development team can also benefit in other ways as you will soon see. A good crowd-sourced penetration test will involve both sides, researchers and development teams, being active in the bounty program.
If you have never done a bounty before, starting with short-term, private bounties will allow you to experience a few hiccups in a controlled situation. Be sure that you have planned out how to issue accounts to a large number of users and that the environment works when testing from outside your corporate environment. Try testing from home just to make sure it works.
Bounty guidelines
The large number of public bounties can serve as a baseline template for your test rules. As you review them, be sure to take note of their differences and consider what may have lead to those differences. A good set of bounty rules will be tailored to the service being tested. One of the less obvious components of a bounty announcement is how you describe your service to the tester. While the service may be extremely popular within your social circles, a researcher across the globe may have never heard of it. Therefore, be sure your bounty description provides an easy-to-understand description of what they are testing and perhaps a link to a short YouTube video that has your product pitch. The less time a researcher has to spend figuring out the goal of the service, the more time they can spend finding quality bugs.
Thematic issues
Penetration tests are typically scoped to a certain set of new features. However, crowd sourced penetration tests are often scoped across the entire service. Since traditional penetration tests are often focused on specific areas, they will not find issues in the connective code between features. Also, since the researchers are testing across the entire service, they are testing across the entire development team and not just within individual sprint teams. This may allow you to pick up on things that the overall team is consistently missing which can guide you as to where to focus energy going forward. For instance, if you have several authorization bugs, then is there a way to better consolidate authorization checking within the platform or is there a way to enable the quality team to better test these issues?
Critical bugs
Since the bounty hunters usually want to get top dollar for their efforts, they will often find more critical bugs. A critical bug is often the result of multiple issues that aren’t mentioned in the initial write-up. For instance, if they send you your password file, then there should be multiple questions beyond what type of injection was used in the attack. A few examples: Would egress filters on the network help? Do we need host monitoring solution to detect when the server process touches unexpected files? It is important to remember that these critical bugs aren’t just theoretical issues found through a code review. These vulnerabilities were successfully exploited issues found via black box testing of your infrastructure from a remote location.
Variant testing
If you have developers on hand during the bounty, then the developers can push the patch to the staging environment before the end of the program. You can then reach out to researcher and say, “Bet you can’t do that twice!”  You basically offer the researcher a separate bounty if they can find a variant or the same bug in a different API. It often isn’t difficult for the researcher to re-test something they have already tested. For the developer, they can get immediate feedback on the patch while the issue is still fresh in their minds. In my experiments at Adobe, losing that bet with the researcher is more valuable than the money it costs us because it typically identifies some broader issue with the platform or the process. This can be key for critical bugs.
Red Team/Blue Team
With a crowd sourced penetration test, you are likely testing against your staging environment or a dedicated server in order to minimize risk to your production network. A staging environment typically has low traffic volumes since only the product team is using it. However, during the testing period, you will have people from across the globe testing that environment and reporting the vulnerabilities that they are finding. For your response teams, this is an excellent opportunity to see what your logs captured about the attack. In theory, identifying the attack should be straight forward since the staging environment is low volume, you know what attack occurred, and you have a rough estimate of when the attack occurred. If you can’t find an attack in your logs under those conditions, then that is clear feedback about how your logging and monitoring can be improved. If you can save the logs until after the bounty has ended, this type of analysis can be done post-assessment if you don’t have the resources to play along real time.
A crowd-sourced penetration test can change up the routine you have established for finding issues. Like any change in routine, there can be a few challenges at first. However, when done well, they can provide a vendor with insights that they may have never obtained through the existing status quo. These are not a replacement for traditional consultants. Rather, the new insights into the platform can help you re-focus the consultants more effectively to get a higher ROI.
Peleus Uhley
Principal Scientist

Digital Experience Management Track at Adobe Summit EMEA 2016

Digital marketing has moved well beyond the “Hey, I have a website” stage. Consumers are now connected on a variety of devices through an ever-growing number of channels. Their expectations evolve as new options open up for them; now the customer sees an overall experience. Companies have to compete on the basis of customer experience, a finding that is corroborated by various leading studies. More than a channel for brands, customer experience has a profound impact on the business model and the way businesses need to run.
Most companies are aware of these trends. What is missing is an answer to the question, “OK, I know this is happening. What specifically does my organization need to do to meet this challenge?”
The Digital Experience Track at Adobe Summit will help business leaders understand their companies’ essential digital transformation, showing them how to approach digital technologies to deliver on the customer experience that people expect.
The sessions focus on three core competencies:

Building a digital foundation for delivering experiences
Delivering more relevant content faster than ever
Connecting these experiences among an ever-growing number of channels and devices

Marketers will see how mobile is the “supersize me” element that weaves through these areas, either exacerbating problems or opening new opportunities.
Here are my recommended sessions for Adobe Summit this year. I have included some general ones and some that are industry-specific.
EM9: Anatomy of the Experience-Led Business
This session will give you a holistic view based on the latest research, innovations, and examples to guide your digital-transformation journey. It will also give insights into the anatomy of an experience-led business. Understand how the different components needed for digital-experience management fit together, and how they must evolve in a world that is evermore flooded with Internet of Things.
EM5: What’s new in AEM Sites 6.2: Top 10 hottest features
Come and discover the top ten digital experience management must-haves, which all organisations need to be successful. We’ll walk you through the top innovations in AEM Sites and show you how you can get a leg up on the today’s constantly evolving digital landscape.
EM1: Create order out of chaos: Produce engaging content in record time
Joins us to learn how to leverage newest features of Adobe Experience Manager to deliver personalized digital experienced at higher scale. Learn how to close the gap in the creative process, perform content testing and what unexpected sources of content you can tap into.
EM12: Ready for the world: Is your strategy truly global?
Discover how to leverage automation to set up site structures for global content deployment. Learn hands-on how to use Experience Manager content translation capabilities to deliver better global digital experiences.
S813 – Maximum Content Velocity With Adobe Creative Cloud and Experience Manager
Is your team prepare to create and manage content at a global scale? In this session, we will share tips and tricks on how a leading brand leverages the Creative Cloud AEM to create, manage and deliver more content than ever before.
For a complete list of sessions please refer to the Summit website. We are looking forward to seeing you at Adobe Summit in London!

Design a tri-fold brochure in Adobe FrameMaker

In collaboration with Gauri Arankalle Panicker and Nandini Gupta
If you are an avid Adobe FrameMaker user, you are already creating technical content in various formats using FrameMaker. Do you know that you can also put on your designer’s hat and create attractive marketing content in FrameMaker?
In this post, we will tell you how we have designed a great-looking tri-fold brochure using Adobe FrameMaker. Besides printing the brochure, you can host it on various mobile and hand-held devices and share it across platforms. Sounds like an easy way to spread the word about your product or service, right?

To start with, plan the layout for the tri-fold brochure according to the size of the paper you want to use for printing. Decide whether you want to lay out the content in portrait mode or landscape mode. You should consider margins on all four sides and between the folds to avoid text or image overlapping.
Given below is a depiction of a tri-fold brochure to be printed on an A4 sheet in landscape mode.

The dimensions of a standard A4 sheet are 29.7 cm X 21cm. So we have added three columns with a width of 9.2 cm and a margin of 0.5 cm across the four sides and the folds.
Note: FrameMaker supports columns of equal widths only, so we recommend margins between the folds to let the brochure fold appropriately. You can choose to fold along the text or graphic frames instead of margins to make up for unequal column widths.
Follow these steps to create the brochure:

Launch Adobe FrameMaker. To set a new page, click Create New > Document on the welcome screen.
To start setting up the brochure page on a blank paper, click Custom in the New > Use Blank Paper section.

The Custom Blank Paper pod is displayed.

 Define the Page Size, Number of Columns, Column Margins and Pagination fields and click Create. For a tri-fold brochure to be printed on an A4 sheet in landscape mode, use the following dimensions:

View the presentation below to understand the layout of the brochure. For a double-sided brochure with the setting as Right 1st Page, this is how the brochure pages are set up. The numbers assigned mark the faces of the brochure. The column marked “1” is the first face. Similarly, after folding, column marked “6” is the bottom face.

 Place text and graphic frames on both the sides of the brochure. In the Graphics toolbar, click  to place a text frame, and click  to place a graphic frame. You can also draw various shapes and define colors using the graphics toolbar. To view the Graphics toolbar, click View > Toolbars and check Graphics Toolbar in FrameMaker.

This is how the front face of the brochure will look after the placing the text and graphic placeholders in FrameMaker.
Fill the frames with text and graphics as per your requirements.

Repeat the steps for the back face of the brochure.

To view the final output, save the .fm file as PDF. To do so, click File > Save as PDF. The two faces of the brochure are completed.

Get the PDF printed on an A4 sheet in landscape mode. Shiny, new brochure will be ready for distribution.
One of the biggest advantages of using FrameMaker for creating artifacts is that FrameMaker offers powerful single-sourcing capabilities. You can design once and reuse or repurpose the content multiple times. For example, imagine that you need to create marketing collaterals for multiple countries or geographies while maintaining the same design language. So a lot of content reuse is required. That’s where FrameMaker comes in handy and can save you the hassle of maintaining multiple copies of the source.
For more information about page layout, see Change page layout on specific pages.

eIDAS : pour tout savoir à propos du nouveau règlement de l’Union Européenne sur les signatures électroniques

Le règlement (UE) n° 910/2014 sur l’identification électronique et les services de confiance pour les transactions électroniques au sein du marché intérieur (eIDAS) a été adopté par le Conseil de l’Union européenne le 23 juillet 2014. Il établit un nouveau cadre juridique autour de l’identification, des signatures, des sceaux et des documents électroniques au sein de l’Union européenne.
Le règlement eIDAS entrera en vigueur le 1er juillet 2016 et remplacera alors la directive européenne actuelle sur les signatures électroniques. Autre point tout aussi important, les lois des États membres non conformes au règlement eIDAS seront automatiquement annulées, remplacées ou modifiées. Pour la première fois, l’Union européenne disposera donc d’un cadre juridique homogène et d’un marché unique pour la reconnaissance des signatures électroniques et des identités sur tout le territoire. Cet environnement réglementaire prévisible permettra aux entreprises du secteur privé de développer et d’intensifier l’utilisation des transactions et signatures électroniques au sein de l’Union européenne.
En 1999, la Commission Européenne publiait sa première directive sur les signatures électroniques (Directive 1999/93/CE). Les États membres étaient libres de l’interpréter et d’imposer leurs propres restrictions, limitations et exceptions. L’Europe s’est donc retrouvée avec tout un patchwork de lois en la matière. Si l’Australie et la Suède ont adopté des versions très strictes, le Royaume-Uni, par exemple, a établi des lois beaucoup plus souples que celles des États-Unis. Pire : aucun des États membres n’a adopté les mêmes standards techniques pour leur implémentation, ce qui a interdit la création d’une réelle interopérabilité. Cette fragmentation a nui aux objectifs d’évolution vers un marché unique de l’Union européenne.
En 2011, la révision de la directive est devenue l’une des grandes priorités de la Commission Européenne. Pour remédier à ces faiblesses et développer un marché numérique unique, la révision engagée a abouti trois ans plus tard à l’adoption d’un nouveau règlement. Le principal objectif de ce règlement était de garantir la confiance à l’égard des signatures électroniques et de créer les conditions pour leur reconnaissance mutuelle par les États membres.
Le nouveau règlement
Il est important de noter que le règlement (UE) n° 910/2014 est plus contraignant qu’une directive. Comme indiqué plus haut, les directives énoncent des principes juridiques, mais laissent les États membres libres de l’interprétation et de la mise en œuvre. Les règlements, en revanche, sont des lois Européennes directement applicables aux États membres. Ainsi, l’un des aspects les plus importants de la nouvelle loi est son application uniforme sur tout le territoire.
Concrètement, le règlement eIDAS comprend deux volets. Le premier porte sur les systèmes d’identification électroniques reconnus par les administrations et établit un cadre juridique autorisant la reconnaissance mutuelle des moyens d’identification utilisés par les différents États membres. Ce volet concerne le secteur public et exige d’un État membre qu’il autorise les administrés des autres pays de l’Union Européenne à utiliser leurs propres identifiants électroniques pour accéder à ses services en ligne. Bien que les services développés pour le secteur public soient susceptibles de s’appliquer aux entreprises du secteur privé, ces dernières ne sont pas directement concernées par cette partie du règlement eIDAS.
Le second volet porte sur les signatures électroniques. Il clarifie les règles existantes et introduit un nouveau cadre juridique pour les sceaux et signatures électroniques. Il ne contraint toutefois pas les prestataires de services à revoir fondamentalement leurs méthodes de travail. Le règlement eIDAS prévoit, par exemple, d’accorder une meilleure garantie juridique à ceux qui suivent les règles élaborées dans le but d’améliorer la fiabilité de leurs services.
Impact du nouveau règlement sur les signatures électroniques
Comme indiqué précédemment, à compter du 1er juillet 2016, le règlement eIDAS abrogera la directive actuelle sur les signatures électronique et remplacera automatiquement les lois nationales non conformes en Europe.  Examinons quelques-uns des principaux changements apportés au statut des signatures électroniques.
L’article 25 du règlement conserve la disposition fondamentale selon laquelle les signatures électroniques et les services de vérification sont recevables comme élément de preuve dans le cadre d’une action en justice. Cela concerne notamment les signatures électroniques, les sceaux, les horodatages, les services de livraison référencés et les certificats d’authentification web.
Le règlement eIDAS définit les entreprises délivrant ces signatures électroniques, ces sceaux et ces horodatages comme des services de confiance. Il va même plus loin en établissant une distinction entre les services de confiance qualifiés et non qualifiés. Si ces concepts étaient déjà inclus dans la directive de 1999, ils se limitaient aux services de certification. Ils sont désormais beaucoup plus détaillés. Le règlement eIDAS fournit une définition plus claire des services de confiance, dont les opérations n’ont jamais été autant réglementées et surveillées. L’objectif de ce contrôle est de renforcer la confiance dans les transactions numériques et d’encourager les individus à les utiliser en leur démontrant leur fiabilité, leur sécurité et leurs avantages par rapport aux signatures manuscrites.
Signatures électroniques
Dans le règlement eIDAS, la définition de la signature électronique demeure inchangée. Le principe fondamental selon lequel la valeur juridique d’une signature électronique, de même que son admissibilité comme élément de preuve, ne peuvent être contestées au seul motif de son format, continue à s’appliquer.
Signatures électroniques avancées
Le principal changement du règlement concerne la redéfinition des signatures électroniques avancées. Ce type de signature – contrairement à ce qui est défini dans la directive actuelle – autorise une identification et une authentification uniques du signataire d’un document et permet de vérifier l’intégrité du contrat signé. Cette authentification est généralement assurée via la délivrance d’un certificat numérique par une autorité de certification. Tout d’abord, le signataire reçoit un certificat. Durant le processus de signature, ce certificat est lié au document au moyen de la clé privée dont le signataire est le seul détenteur. Un sceau infalsifiable est également ajouté pour protéger l’intégrité du document. Lors du processus de validation, la clé publique correspondante est extraite de la signature et permet à la fois d’authentifier l’identité du signataire via l’autorité de certification accréditée et de confirmer qu’aucune modification n’a été apportée au document depuis sa signature. Si ces certificats existent depuis longtemps, le règlement eIDAS autorise le signataire à utiliser les toutes dernières technologies, notamment les terminaux mobiles, pour effectuer ses démarches.
Signatures électroniques qualifiées
Le dernier type de signature défini dans le règlement eIDAS concerne les signatures électroniques qualifiées. Si les signatures avancées et qualifiées sont exclusivement liées au signataire, les secondes sont basées sur des certificats qualifiés. Ces certificats ne peuvent être délivrés que par une autorité de certification accréditée et supervisée par des instances désignées par les États membres, et sont conformes aux dispositions du règlement eIDAS. Les certificats qualifiés doivent être stockés sur un dispositif sécurisé de création de signature, tel qu’une carte à puce, un jeton USB ou un service de confiance basé sur le cloud.
Les signatures électroniques qualifiées sont doublement importantes, car il s’agit du seul type de signature à avoir la même valeur juridique qu’une signature manuscrite et à pouvoir garantir la reconnaissance mutuelle de sa validité par l’ensemble des États membres. Cette reconnaissance mutuelle est essentielle pour créer un marché unique Européen.
Sceaux électroniques
Enfin, le règlement eIDAS prévoit la reconnaissance des sceaux électroniques. Ces derniers s’apparentent à des signatures électroniques mais sont réservés aux personnes morales. Leur utilisation devrait permettre de minimiser le rôle du « signataire autorisé ». Ainsi, chaque entité disposera d’un sceau unique dont chaque utilisation sera supposée engager ladite entité, surtout dans le cas de sceaux électroniques qualifiés.
Même si la Commission Européenne continue de publier des actes de mise en œuvre et que le cadre de normalisation associé n’est pas encore finalisé (il devra l’être avant le 1er juillet 2016), les clients utilisant des signatures électroniques doivent prendre connaissance du nouveau règlement, notamment des dispositions uniques d’identification électronique et des mesures de surveillance plus strictes qui s’appliqueront aux prestataires de services de confiance. L’importance des signatures électroniques qualifiées doit être clairement soulignée dans les plans opérationnels de l’Union Européenne.

Dan Puterbaugh
Dan Puterbaugh est directeur et Associate General Counsel chez Adobe. Puterbaugh et son équipe soutiennent Adobe Document Cloud. Document Cloud inclut Adobe Acrobat DC et  Reader DC, ainsi qu’une suite de services de documents basée sur le cloud, dont Adobe eSign. Il  s’occupe également du développement commercial d’Adobe ainsi que des accords stratégiques. Il a rejoint Adobe Systems en 2008 en tant que chef du département juridique pour la solution de document d’entreprise d’Adobe, LiveCycle. Avant de rejoindre Adobe, Puterbaugh a passé sept ans comme assistant du conseiller général chez  Intuit Inc., un fournisseur de solutions de management business et financières pour les consommateurs, petites et moyennes entreprises et comptables professionnels. Pendant ce temps, il était avocat principal sur tout le développement de produits à l’échelle de l’entreprise, dont l’établissement et le soutien quotidien aux opérations de développement de l’entreprise à Bangalore. Puterbaugh est membre de l’Ordre du Barreau de Californie. Il a reçu son doctorat de juriste de l’Université Santa Clara. Il réside actuellement dans Los Gatos, CA.

Seen This Week: Portland Artists Design Apps to Save the Planet

[slideshow_deploy id=’17490′]
This week, artists in Portland turned green. We hosted a Creative Jam session and challenged nine design duos to develop apps to reduce Portland’s carbon footprint. Running on unlimited creative freedom; three hours; local beer, wine and soda; and Adobe Experience Design, the teams developed Earth Day-inspired eco-apps. Winners included an app that lets users calculate their personal carbon footprints, and a futuristic tool for energy sharing. Check out a video and details here.
Creative Jams are the “Top Chef” of the creative world—we tap local creatives through their Behance portfolios, and invite them to a no-ideas-barred three-hour creativity tournament. Each Jam has a secret theme that we reveal just before the clock starts ticking. Artists work in pairs for a fast and furious three hours to design something original and inspired using Adobe Creative Cloud tools, and then judges and attendees choose winners. Past Jams include a San Francisco competition based on the Picasso quotation, “Every act of creation is first of all an act of destruction,” and a Tokyo challenge inspired by Yukichi Fukuzawa’s “The pen is mightier than the sword.” Check out video highlights of the events:
During Creative Jams, the attendees who aren’t competing listen to talks by local thought leaders and mingle, sharing work and ideas with other artists in their communities. “The Creative Jam is a great way for top designers in the city to share their process with a broader audience. It is so inspiring to see what everyone makes,” says Liz Schmidt, Senior Community Manager, Creative Cloud, Adobe.
Last year, we hosted 30 Creative Jams, and we’re scheduling two to three per month around the world this year. Check out the Creative Jam Behance Gallery to see all of the work created to date and follow us here to keep up on the latest.

It’s All About the Title: 3 Tips for Naming your Stock Images

Adobe Stock contributors have the opportunity to share their work with the world’s largest creative community. When submitting assets to the Stock library, pay special attention to the naming of your files. A good asset title helps users find your content and provides useful information about your asset, while helping you create some cash. With this in mind, we’ve put together a few tips to help you optimize your asset titles and increase awareness of your content in our Stock library.
Keep it relevant
With regard to the Adobe Stock search engine, your asset titles play as much a role as your keywords for file relevancy. It’s best to keep it short and simple, keeping your title to 5-7 works. You want to be descriptive, but asset titles that are too long can hurt your chances of visibility.
Keep it simple
This may be stating the obvious, but it’s best to keep things simple. Try to think in the mindset of your customer and get an understanding of what keywords your audience might search for. Types of keywords to keep in mind are activity, location, mood, and color.
Keep it PC
The Adobe Stock team filters content and removes assets that can be perceived as inappropriate or offensive. When naming and sharing your assets, it’s important to keep things PC and ensure that your content is respectful.
We hope that following these guidelines for future file submissions will help your work be seen and licensed! For inspiration, check out a few examples of great titles below.
Young people hanging out by swimming pool / Jacob Lund / Adobe Stock
Pit bull in a hat and tie. Dog vector. / Vitalygrin / Adobe Stock
Young woman on white retro bicycle in studio. The sunlight from the window. Close-up on bike / Diignat / Adobe Stock

How to Create Mini Planets for Earth Day with Adobe Stock & Adobe Photoshop CC

To celebrate Earth Day, we’re sharing this super simple and fun way to create your own mini planets using Adobe Stock images in Adobe Photoshop CC.
First, choose an image from Adobe Stock (we’re working with this one.) Next, open it in Photoshop.
Kesipun / Adobe Stock
Depending on the result you want, you can rotate the picture (Image > Image rotation > 180°). That’s what we did here.
In the Image menu, select Image Size. Uncheck “Scale Styles” and “Constrain aspect ratio”.

In the “Height” field, type the same value as in the width field and press OK (for example, if the width is 3000, type 3000 in the height field). You get a square and stretched image.

In the Filter menu, select Distort > Polar Coordinates. Check “Rectangular to Polar” and press OK. And that’s it!

You can rotate the picture again, and use for example the Smudge Tool for a better result.

And here’s the finished piece…..

Get creative – you can do this with all types of images. Or you can check out a selection of pre-made mini planets by Adobe Stock contributor David Arts.
Davidarts / Adobe Stock
Davidarts / Adobe Stock

Moving Beyond Earth Day: A “Small” Change with Significant Impact

Every year, Earth Day marks an important milestone in the sustainability movement—rallying people, government and businesses around the world to focus on sustainability and preservation of the environment. Despite my appreciation for Earth Day, focusing so much attention on a single point in time carries risk—the risk that attention will be lost for the rest of the year.
So I’d like to help keep attention on sustainability beyond just today by sharing the impact of paper document use, the paperless practices some brands have implemented, the results they’re seeing, and where to start in your organization.
The Impact of Paper-based Practices
Making paper requires tremendous amounts of wood, water and fossil fuels. Mashable discussed this point on Earth Day 2015, backed by data from the Clean Air Council and the EPA, with a great infographic. Here are some more quick facts:

The average U.S. office worker generates approximately 2 pounds of paper and paperboard products every day;
Among U.S. companies alone, 30 billion paper documents are printed or copied each year;
500 paper documents are signed by the average authorized employee each year; and
Corrections, revisions and updates on printed documents contribute to 90 percent of all office waste in the U.S., and the remaining 10 percent is taking up space in storage facilities

To the extent we can keep more documents in the cloud and off the printer, the lower the impact directly on our environment, hence greater sustainability.

Calculating the Impact
Many brands want to operate more sustainably, but need to justify any move with a significant amount of data to support a reasonable return on investment (ROI). The good news is, there are means to estimate impacts based on specific actions and they’re far easier to implement than one might think.
For example, non-government organizations like the Environmental Paper Network and the Environmental Defense Fund have collaborated to provide an estimate of the environmental impact of paper-based practices. In partnership with them, we’ve posted it as our Resource Saver Calculator on Adobe.com. Although sustainability leaders understand that at times calculations made by such tools may be questioned by the paper industry and others, this calculator provides a set of impacts that drive home the point that reducing paper dependency can lead to measurable outcomes.
Forward-leaning companies typically pay more attention to sustainability than simply greenwashing their messages. Let’s look at some real-life ways Adobe and our customers are getting more sustainable by transitioning to digital from paper.

Documents created, signed, shared, and stored in Adobe Document Cloud drive a 90 percent cost savings and 91 percent reduction in environmental impact compared to paper-based processes.
In 2015 alone, the total transactions completed with Adobe eSign saved the equivalent of 14 million pounds of wood and 43 million gallons of water—at a cost savings of over $10.4 million (US). That’s significant.
In 2015, Adobe announced its commitment to power operations and digital delivery of products with 100 percent renewable energy by 2035. We are committed to leading by example, encouraging our customers to move from paper- and resource-heavy processes to electronic signatures powered by renewable energy. Today Adobe’s Procurement and Legal teams are running on paperless processes and the success from their transition is creating adoption by other groups including People Resources (HR at Adobe) and IT.

Successful Sustainability Practices
Examples of the impact of sustainable document management are everywhere. Take government, for example. The Washington Local Government Association reduced paper consumption by more than 50,000 printouts by moving to electronic signature workflows and supported sustainability goals by reducing paper consumption and printing supplies by more than 80 percent. The City and County of Denver improved sustainability practices by delivering contracts, agendas, and other documents as PDF files. And they lowered cost of ownership by reducing the number of software versions supported to a single license.
Using data from the Mashable article, if the U.S. alone cut its office paper use by just 10 percent by moving to digital workflows, it would reduce its greenhouse gas emissions by 1.45 million metric tons. That’s the equivalent of taking 280,000 cars off the road for an entire year.
What Can You Do?
Brands from large to small are taking sustainability seriously. Are you looking at ways to improve sustainability in your business or enterprise? You can start by examining how you can reduce the vast wood resources, water and fossil-based energy that paper production and waste demands.
A great place to start is by visiting environmentalpaper.org or EDF.org.

Hidden Gems in Acrobat DC: Splitting Apart PDF Files

There’s nothing better than a well-organized document. PDF files with hundreds of pages can be cumbersome to navigate, but bookmarks turn a potential nightmare into a dream. Like a virtual table of contents, bookmarks can help you and your coworkers identify portions of a document that need your attention. Sometimes, though, less is more. You may only want to share a specific portion of a document with someone, rather than asking them to wade through an information overload. Luckily, Acrobat DC allows you to use bookmarks to break apart large PDF files.
Any top-level bookmark can be used to create individual PDF files from a larger one. Check out how:
1. Open the Bookmark navigation pane. Use Ctrl or Cmd + B to create a bookmarks on each page you want to break apart.

2. Type the word “split” in the Tools Search window and select Organize Pages.

3. Select Split from the toolbar. Choose Top level bookmarks from the dropdown and then run the Split command.

4. A confirmation dialog appears when the process is complete.

No more slogging through miles of content just to find one specific section. Awesome.

Think you know everything there is to know about Acrobat DC? Think again! Learn about more hidden gems by taking a look at the “Learn” section of our blog.
Not yet an Acrobat DC user? Sign up for our free 30-day trial.

Creative Jam Challenges Designers to Reduce Portland’s Carbon Footprint

Just after 8PM, things started to get intense. Heads were down, cursors were flying, and colors were bursting on screens lined up in a row. In the distance, a countdown was projected on a large screen – less than an hour to go. Surrounded by a couple hundred peers watching as they worked, nine teams of two were rising to the UX Design Creative Jam challenge they were given only three hours to complete.
A hackathon of sorts for designers, Adobe Creative Jams bring together local creatives to tackle a design challenge in teams. While they work, other attendees hear presentations by local thought leaders and get opportunities to talk shop, take in local art, and more. Our recent Jam in Portland was held at XOXO Outpost in the city’s east side. We took over 13,000 square feet of industrial space and continued the venue’s tradition of making creative things happen.

The Portland Creative Jam Challenge
In the spirit of International Earth Day, teams were challenged to design an app which would help reduce Portland’s carbon footprint. With total creative freedom, and Adobe Experience Design loaded on their machines, ideas started to emerge. The food truck eats from Bunk Sandwiches, gourmet Blue Star Donuts, as well as the local beer, wine, and soda helped get creative juices flowing.Check out the venue and watch the teams get started:

Three hours after the Jam kicked off, the teams took the stage to present what they created. Watch the reveal presentations and awards:

The Winners
First Place: Team Lazer Dragons
City Vibes Portland – An app that visualizes your carbon footprint based on data you input.
Second Place: Team VREUGDE
GridMi – Futuristic app based on the concept of energy sharing for incentive.
Third Place: Team Orange Peel
Sunday – Daily challenges to reduce your carbon footprint.
People’s Choice: Team Tetsuo
Protestify – An app that lets you start, engage, or find an environmental protest digitally.
View all of the projects from the challenge on Behance, and ‘Follow’ the Creative Jam account to stay up-to-date on future work.
Hope to see you at a future event! Find out if a Creative Jam is happening in a city near you.