Slipping In The Side Door With App Security Message
By Jennifer deJong
August 15, 2006 —
(Page 1 of 4)
In the beginning, the strategy seemed obvious. Show development managers how the code their teams write can be compromised, and they will buy application security tools designed to help prevent the problem.
But, according to application security tool makers, things haven’t turned out that way. Convincing development managers to adopt the source-code analyzers and black-box testing tools they sell has proved difficult, the tool makers acknowledged.
“It was naive to think developers would take up application security on their own,” said Roger Thornton, founder and chief technology officer for Palo Alto, Calif.-based Fortify Software. They are already under a lot of pressure, he said. “Everyone is asking them for more features, faster.”
Getting developers to adopt security tools is a tricky thing, added Mike Weider, founder and chief technology officer for Waltham, Mass.-based Watchfire. They are accustomed to writing code and handing it off to QA, he said. “They don’t see testing as part of their role, and using the tools slows them down.”
What’s more, the popular sales tactic of analyzing developers’ code and identifying where and why the application is vulnerable to attack didn’t exactly win developers over, noted Caleb Sima, founder and chief technology officer for Atlanta-based SPI Dynamics. “When you come along with a tool that shows developers what they did wrong, that’s a frustrating experience,” he said, which led many developers to rebel. “The developers said, ‘I don’t want you pointing out more problems for me. Just let me do my job.’”
Getting the Message
In spite of these hurdles, application security tools are making their way to developers’ desktops, albeit by a more circuitous route.
Source-code analyzers, which scan code against a database of known vulnerabilities, and black-box testing offerings, which find security holes by attacking an application in much the same way a hacker might, are typically driven into development by the security professionals, according to the tool makers. Charged with carrying out mandates from top management, security professionals are setting policies that require development teams to adopt the tools, they said.
Share this link: http://sdt.bz/29488
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|