Looks like Adobe's name is mud with SANS too. In the August 4th SANS NewsBytes, Stephen Northcutt (president of the SANS Technology Institute) had this to say: 

I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products whenever you can.

A solid recommendation given not only the number of vulnerabilities that have been uncovered in Adobe PDF/Flash software, but also the frequency with which those vulnerabilities are being exploited via the Web.