Third party software goes untested, finds Forrester survey


Cliff Saran

Less than 50% of third party code is tested for quality and security in development.

The "Software Integrity Risk Report" was based on a survey of 336 people involved in software projects. The study was conducted by Forrester Consulting for testing tools company Coverity.

According to the study, most companies source software code from multiple third parties and this code is not tested for quality, safety and security with the same rigour as in-house developed software. The study also reveals a skewed risk-to-responsibility culture forming in development and highlights the impact software defects have on business.

The "Software Integrity Risk Report" found only 44% of companies conduct automated code testing during development for third party code, compared to 69% that use automated code testing for internally developed software. The study also shows 35% of companies conduct risk, security or vulnerability assessments for third party code, compared to 70% of companies deploying these methods on their internally developed software.

Jon Arnold, managing director at Coverity, said: "Whilst everyone is aware of what happens in their organisation, when code comes in from outside, there is a view that software coming in externally will work well."

Arnold warns that, while external code may be high quality, it may not be up to the same quality standard as internally developed software due to different coding standards and policies.
