http://www.darkreading.com/vulnerability-management/167901026/security/news/240007576/real-world-developers-still-not-coding-securely.html By Ericka Chickowski Contributing Writer Dark Reading Sep 18, 2012 The extreme pressure on developers from line-of-business leaders to push out new web application feature sets as quickly as possible, combined with a lack of security development objectives or actionable security guidance, continues to negatively impact web application vulnerability levels. A new study out this week based on a survey conducted by Forrester Research on behalf of Coverity showed web application incidents still remain expensive as a result of these vulnerabilities and are costing some organizations hundreds of thousands to millions of dollars. Advocates have long argued for the benefits of embedding secure development life cycle (SDLC) principles into coders' day-to-day workflow in order to save on costs. "The industry has been championing over the last couple of years is, if you can find software defects whether they're quality issues or they're security issues earlier in the cycle, it's going to cost you a lot less and take a lot less time to fix them," says Jennifer Johnson, vice president of marketing for Coverity. But unreasonable development time constraints, impractical security tools that don't work well within real-world development settings and inadequate training on secure coding principles have all conspired together the squash the SDLC ethos at most dev shops. According to survey results, only 51% of organizations currently have coders conduct security testing, and only 40% of organizations report they test during development. And just 42% have any kind of secure coding guidelines in place within their organizations. [...] -- #HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia with no keynotes, no labs - just three tracks filled with our most popular speakers from the last decade: http://conference.hitb.org/Received on Wed Sep 19 2012 - 00:10:52 PDT
This archive was generated by hypermail 2.2.0 : Wed Sep 19 2012 - 00:10:58 PDT