Forrester: Companies still not using secure practices
September 20, 2012
Developers still need to better integrate security into their development practices from the earliest stages, according to “The Software Security Risk Report,” a recently published Forrester Research study conducted to examine app security and testing practices.
The study’s respondents—240 North American and European software development influencers from companies that develop Web apps—cited a lack of security technologies suitable for development among the reasons why 51% of them had at least one Web app security incident in the prior 18 months.
“The survey found that software security-related incidents are still common and the consequences can be severe,” said Chenxi Wang, VP and principal analyst at Forrester and author of the report. “Software security practices, generally speaking, are far from mature. Many companies are still struggling with eliminating the most basic security flaws.”
The study, commissioned by development testing tool provider Coverity, found that security incidents are still both prevalent and expensive; code volumes and business demands often sideline security; too few companies employ secure development practices; and developers struggle with legacy security tools. “In general, we see misaligned goals for developers and the security side of the house,” Wang said. “This can lead to challenges (when trying) to embed security measures upstream in the development process.”
According to the report, security risks are still present and the problem is not going away. The No. 1 reason given—from 79% of the survey respondents who had breaches—was that they can’t keep up with the quantity of code. “It’s similar to the cost-quality-time triangle,” said Jennifer Johnson, VP of marketing at Coverity. “You just replace quality for security. If you have to get to market faster, it’s all about more features and faster time to market. But code is exploding and software complexity is increasing. If development doesn’t have the right technology to address these problems, they can’t keep up. There’s no way that they’re going to effectively address security in development.”
The most important thing to remember, according to Johnson, is that this report highlights that security all starts and ends with development. “Developers are the ones that write the code and, ultimately, they’re the ones that need to fix the problems when they come back downstream,” she said. “Developers need to be part of the solution and take responsibility for security. But the solution is not about force-fitting security tools into development but, rather, actually giving developers tools that are accurate, actionable and that fit into their workflow.”