Less than 50% of third-party code is tested for quality and security in development.
The "Software Integrity Risk Report" was based on a survey of 336 people involved in software projects. The study was conducted by Forrester Consulting for testing tools company Coverity.
According to the study, most companies source software code from multiple third parties and this code is not tested for quality, safety and security with the same rigour as in-house developed software. The study also reveals a skewed risk-to-responsibility culture forming in development and highlights the impact software defects have on business.
The "Software Integrity Risk Report" found only 44% of companies conduct automated code testing during development for third-party code, compared to 69% that use automated code testing for internally developed software. The study also shows 35% of companies conduct risk, security or vulnerability assessments for third-party code, compared to 70% of companies deploying these methods on their internally developed software.
Jon Arnold, managing director at Coverity, said: "Whilst everyone is aware of what happens in their organisation, when code comes in from outside, there is a view that software coming in externally will work well."
Arnold warns that, while external code may be high quality, it may not be up to the same quality standard as internally developed software due to different coding standards and policies.