
Developers say application security lacking

Are enterprise applications really secure? It depends on whom you ask.

A recent study by the Ponemon Institute of more than 800 IT executives found a striking disconnect between developers and security professionals in how they perceive security controls. Developers largely say applications run by their enterprise are not secure, while security professionals are much more optimistic about the security of their applications.

Seven in 10 developers say security is not adequately addressed in their applications, but only half of security officers believe that. Almost 80% of developers said they have no process, or simply an ad hoc process, for building security controls into their applications. But only 64% of security personnel said they have no formal process for building security into their enterprise applications.


Ponemon says the disconnect can be costly for businesses: Nearly 68% of developers say their applications have been compromised because of a security breach.

"Gaps in perceptions between security practitioners and developers about application security maturity, readiness and accountability indicate why many organizations' critical applications are at risk," the study says. "A lack of collaboration between the security and development teams makes it difficult to make application security part of an enterprise-wide strategy and to address serious threats."

Beyond a lack of collaboration between these two groups, the Ponemon Institute points to a lack of security training, noting that just over half of developers say they have no formal training in application security.

All of this is leading to enterprises that are admittedly not in compliance with security standards. The study found that fewer than 15% of security officials and developers say their applications meet security regulations for privacy, data protection and information security.

Ponemon recommends that enterprises take a closer look at their application security guidelines and invest in security personnel to specifically track protocols and ensure accountability.

Network World staff writer Brandon Butler covers cloud computing and social media. He can be reached at [email protected] and found on Twitter at @BButlerNWW.
