To be released to the public on March 20th: results of new research from The Ponemon Institute, IBM, and Security Innovation. The study analyzed over 800 InfoSec/IT and software development professionals to understand the application security maturity (ASM) in their organizations – the skill levels, procedures followed, and tools adopted to create and deploy secure software applications. The results are staggering. Here are some advance peeks:
- Enterprise organizations aren't prioritizing application security
  - 64% of security personnel state they either have no process at all (such as a Secure SDLC) or only an inefficient, ad-hoc process for building security into their applications. 79% of developers state the same.
- Application security know-how is sorely lacking
  - 71% of developers feel security is not adequately addressed during the software development life cycle.
  - 47% of developers state that there is no formal mandate in place to remediate vulnerable application code.
  - Over half (51%) of developers and over half (51%) of security personnel have no training in application security.
  - 54% of developers feel fixing security bugs is a significant drain on their company's time and budget.
  - The most common primary means of securing Web-facing applications is a network firewall (good grief!).