Survey: Software flaws account for breaches at 62% of companies
More than 62% of companies experienced a security breach in the past 12 months due to insecure software, a survey conducted by Forrester has revealed. Forrester's "Application Risk Management in Business Survey" research, commissioned by application risk management platform supplier Veracode, surveyed more than 200 respondents from 180 different businesses across various industry sectors. Development, security and risk professionals across the U.K. and U.S. were interviewed.
Most of these breaches were due to the exploitation of vulnerabilities in the companies' business-critical software applications.
Insecure software is a top priority for management and developers alike. While companies feel they know the makeup and business criticality of their mixed application portfolios, there is little confidence in the security quality of their applications.
The U.K. makes less extensive use of open-source and outsourced applications for business-critical functions and has a lower ratio of security personnel to developers, but the results in terms of breaches were essentially the same, the review concluded.
Only 34% of companies have a comprehensive software development life cycle (SDLC) that includes application security.
More than half of companies (57%) use outsourcing regularly for business critical applications. Yet only one-third of companies require rigorous security testing before accepting and implementing code from outsourcers.
The recession is also impacting security risk, as 64% of respondents stated that while application security is important to them, they are struggling to meet the challenge on existing budgets.
"The same economic forces driving enterprises to use third-party applications are also increasing the risk of insecure software," said Matt Moynahan, CEO of Veracode. "Given the prolific use of third parties to build business-critical applications, global enterprises need a single flexible and cost-effective solution to seamlessly test the security across their entire application portfolio regardless of whether it was built internally or externally."
Reproduced from an article published by ComputerWorld
© ComputerWorld
The original article can be viewed here:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&art...