The world has a new culprit to blame for the rising tide of software vulnerabilities: code outsourcing.
The trend to outsource the coding of applications is now a major contributor to making business software more vulnerable, a survey/report has claimed.
According to analyst group Quocirca, which surveyed 250 IT directors and executives in the U.S., the U.K., and Germany for Fortify Software, 90 percent of the organizations that admitted to having been "hacked" had outsourced more than 40 percent of their applications to third parties.
But the rush to benefit from the speed, convenience, and lower cost of outsourced applications was leaving security as an afterthought in an alarming number of cases. Sixty percent of respondents reported not mandating security from the start of outsourced projects, while 20 percent of those surveyed in the U.K. failed to accommodate security at all in their outsourced applications.
So what's behind this risky attitude? The report mainly blames the way companies have become enamored with relatively poorly understood Web 2.0 technologies, and the parallel rush to use SOA to open up software to much-loved partners.
As to outsourcing itself, according to Fortify, the problem here is that the client company has no visibility on the coding behavior of the company carrying out the work, no matter how good the relationship appears to be.
As in other areas of technology, U.S. organizations have been at the forefront of the software outsourcing movement, with 61 percent of those surveyed reporting that they outsourced more than 40 percent of their programming. Germany, by contrast, was some way behind this percentage, with the U.K. somewhere between the two extremes, thanks to its financial services bias. The U.K.'s uptake of Web 2.0 is also closer to the U.S.'s than to Germany's, which is to say that it has been significant.
"These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Fortify board member and former White House cybersecurity advisor Howard Schmidt.
At least companies can attempt to protect themselves against the specific threat posed by lazy programming using backdoor detection systems, a growing category of software. As ever, companies find themselves solving software security problems by buying yet more software.
Techworld is an InfoWorld affiliate.