IT security professionals should have the authority to pull the plug on an IT development if they are not satisfied with the level of security.
That was one piece of advice on tackling the thorny problem of applications security raised at the first Computer Weekly Infosecurity User Group meeting of the year, held in London last month.
IT developers too often design in security flaws at an early stage of a program's development because they do not understand the elements of IT security and do not view what they are doing in a holistic way, the meeting of IT security users heard.
Typical recipes for disaster pinpointed at the meeting include having inadequate security procedures and audits in the IT development cycle, a lack of effective testing tools, and insufficient scrutiny of third-party software code. The meeting heard that most problems are caused by code delivered by third parties.