Developers say application security lacking

Are enterprise applications really secure? It depends on whom you ask.

A recent study by the Ponemon Institute of more than 800 IT executives found a striking disconnect between how developers and security professionals perceive security controls. Developers largely say the applications run by their enterprise are not secure, while security professionals are much more optimistic about the security of their applications.

Seven in 10 developers say security is not adequately addressed in their applications, but only half of security officers believe that. Almost 80% of developers said they have no process, or simply an ad hoc process, for building security controls into their applications. But only 64% of security personnel said they have no formal process for building security into their enterprise applications.

Ponemon says the disconnect can be costly for businesses: Nearly 68% of developers say their applications have been compromised because of a security breach.

"Gaps in perceptions between security practitioners and developers about application security maturity, readiness and accountability indicate why many organizations' critical applications are at risk," the study says. "A lack of collaboration between the security and development teams makes it difficult to make application security part of an enterprise-wide strategy and to address serious threats."

Beyond a lack of collaboration between these two groups, the Ponemon Institute points to a lack of security training, noting that just over half of developers say they have no formal training in application security.

All of this is leading to enterprises that are admittedly not in compliance with security standards. The study found that fewer than 15% of security officials and developers say their applications meet security regulations for privacy, data protection and information security.

Ponemon recommends that enterprises take a closer look at their application security guidelines and invest in security personnel to specifically track protocols and ensure accountability.

Network World staff writer Brandon Butler covers cloud computing and social media. He can be reached at [email protected] and found on Twitter at @BButlerNWW.
