Three-quarters of businesses think their applications contain
security holes that can be exploited by criminals.
This is the finding of a survey of 757 organisations by
Infosecurity Europe, which will focus on
application securityat itsannual
exhibition to be held in London from 24 to 26 April.
Interviews conducted by Infosecurity Europe with a panel of 20
Chief Security Officers (CSOs) of large enterprises revealed that
they are "very concerned" about the security of application
code.
The CSOs said they were especially concerned about the work
carried out by developers working on mission-critical web
applications outsourced to third parties.
Many of them said that they would welcome an initiative to raise
awareness of security among the developer community to make secure
software applications a priority.
Howard Schmidt, director Fortify Software and former
cybersecurity adviser to the White House, said when organisations
develop applications, quality is one of the highest priorities, but
security vulnerabilities are seldom recognised or fixed.
"Priority is often given to delivering application features and
business benefits without the understanding of fundamental coding
errors that lead to security issues," he said.
Business leaders need to set in place business software
assurance processes including development practices designed to
ensure that their applications are secure, said Schmidt, to protect
the data of citizens, customers and shareholders from the new wave
of threats from cybercriminals.