Monday, April 7, 2008

New Study Shows Outsourced Software Development Greatly Increases Security Risk to Companies

More than 60% of companies disregard security when outsourcing development

SAN MATEO, Calif., April 7, 2008 /PRNewswire/ -- Leading application security vendor Fortify Software announced today the findings of a new report released by European information technology analysis group, Quocirca, entitled, Why Application Security is Critical. Today's businesses are increasingly relying on software development to keep a competitive advantage, and this new study reveals that the widespread outsourcing of code development is putting these businesses at risk. As organizations increasingly look to outsource application development, they are leaving themselves severely exposed to data thieves by failing to mandate security in the development of those critical applications.

According to the report, 50 percent of organizations stating that software code development is business critical outsource almost half of their code development needs. And, according to the report, more than 60 percent of companies don't mandate security when outsourcing development.

"The findings of this study indicate that not enough is being done by organizations to build security into the applications on which their businesses rely," said Quocirca Analyst Fran Howarth, author of the report. "Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater burden for organizations to thoroughly test all code generated for applications -- without which they could be playing into the hands of hackers."

Recent, highly publicized data breaches at companies such as TD Ameritrade, TJX and Hannaford Brothers illustrate how software applications can often contain exploitable vulnerabilities. According to the Quocirca report, all organizations who admitted to being frequently hacked outsource at least some of their coding practice, with 90 percent of companies outsourcing almost half of their application development.

"The processes and systems that run companies today are built in software applications that were designed to be open, which makes them inherently insecure," said Roger Thornton, Founder and Chief Technology Officer of Fortify. "Through outsourcing, customer self-service offerings and the like, enterprises invite people into their network in order to do business better and faster, but they leave themselves and their corporate assets vulnerable to attack and exploitation. Without assuring the security of the software applications that run your business, you expose your enterprise to unnecessary and costly risk."

In the study, financial services companies are identified as the most likely to outsource their code development needs, with 72 percent reporting that they outsource almost half of their development practices. 84 percent of these organizations report that code development is business critical. Public sector organizations are also large outsourcers, with 55 percent outsourcing over 40 percent of code development.

Other key findings in this survey include:

-- Organizations are exposing themselves to increased risk through the use of Web 2.0 technologies and Services Oriented Architectures (SOA) by not assuring the security of applications during development
-- Using automated solutions for building security into the software development lifecycle translates to lower overall spend on IT security
-- The surveyed organizations in the U.S. often fall far behind the U.K. and Germany when it comes to building in security from the beginning of application development

"These study results help explain the recent, sudden increase in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Howard Schmidt, member of Fortify's Board of Directors and former Cyber Security Advisor for the White House.

The data in the report is based on a survey of 250 IT directors, senior IT directors and C-level executives in Germany, the United Kingdom and the US. It was completed in December 2007 and January 2008. Those surveyed included organizations from 1,000 employees up to large multinationals within a wide range of industrial sectors. To access a full copy of the report, visit .

Fortify is offering security professionals the opportunity to benchmark their security practices against industry averages. This survey is available at:

About Quocirca Ltd

Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organizations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry.

Quocirca reports are freely available to everyone and the full text of this report may be requested via .

About Fortify Software, Inc.

Fortify(R) Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite -- Fortify 360 -- drives down costs and security risks by implementing threat intelligence, automating key processes of developing and deploying secure applications through Business Software Assurance.

Fortify Software's customers include government agencies and Fortune 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at .

Press Contact:
Katherine Nellums
Merritt Group
