New Application Security Research from The Ponemon Institute

Posted by Ed Adams on February 24, 2012 at 11:23 AM
To be released to the public on March 20th: results of new research from The Ponemon Institute, IBM, and Security Innovation. The study surveyed over 800 InfoSec/IT and software development professionals to understand the application security maturity (ASM) of their organizations – the skill levels, the procedures followed, and the tools adopted to create and deploy secure software applications. The results are staggering. Here are some advance peeks:

  • Enterprise organizations aren’t prioritizing application security
    • 64% of security personnel state they either have no process (like a Secure SDLC) at all, or an inefficient ad-hoc process for building security into their applications. 79% of developers state the same.
  • Application Security Know-how is Sorely Lacking
    • 71% of developers feel security is not adequately addressed during the software development life cycle
    • 47% of developers state that there is no formal mandate in place to remediate vulnerable application code
    • Over half (51%) of developers, and likewise over half (51%) of security personnel, have no training in application security.
    • 54% of developers feel fixing security bugs is a significant drain on their company's time and budget
    • The most common primary means of securing Web-facing applications is a network firewall (good grief!)

Topics: security awareness

Written by Ed Adams

Ed Adams is a software quality and security expert with over 20 years of experience in the field. He has served as a member of the Security Innovation Board of Directors since its inception in 2002 and took over as CEO in 2003. Ed is a Research Fellow at The Ponemon Institute, serves on the board of several IT security organizations, and was named a Privacy by Design Ambassador by the Information and Privacy Commissioner of Canada.