[ISN] Study: Application Security Not An Enterprise Priority

From: InfoSec News <alerts_at_private>
Date: Fri, 30 Apr 2010 00:35:30 -0500 (CDT)
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=224700250

By Kelly Jackson Higgins
DarkReading
Apr 29, 2010

With all of the attention and education surrounding secure coding 
practices and Web attacks, you'd think it would be sinking in to 
enterprises by now, but not so much, according to a new survey: Only 18 
percent of IT security budgets are dedicated to Web application 
security, while 43 percent of budgets are allocated to network and host 
security.

"The State of Application Security" report by the Ponemon Institute and 
commissioned by Imperva and WhiteHat Security, published this week, 
found that 70 percent don't believe their organizations allocate enough 
money to securing and protecting their mission-critical Web apps. In 
addition, 55 percent said developers are too busy to fix security issues 
in their apps.

"Overall, the results of the study confirmed things WhiteHat and Imperva 
have believed and recognized for quite some time. The vast majority of 
attacks come through applications -- in particular, Web applications," 
says Stephanie Fohn, CEO of WhiteHat.

The survey found that 34 percent of major vulnerabilities are not fixed, 
and 38 percent said they believed it would take more than 20 hours of 
time for a developer to fix one bug. 

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Thu Apr 29 2010 - 22:35:30 PDT

This archive was generated by hypermail 2.2.0 : Thu Apr 29 2010 - 22:48:43 PDT