June 2009 – Seventy-three percent of IT professionals admit their software applications are still vulnerable to hackers, only an eight percent reduction on last year’s startling discovery. In a repeat of its survey conducted amongst IT security professionals, Fortify Software, the application security specialists, has learned that, this year, forty-six percent think that hacking at the application level is the easiest way into a company - an increase on a third compared with last year’s Fortify survey. Worryingly, five percent report that between 76% and 100% of hacks are targeted at applications.
External vs Internal
A third of respondents believe that buying external applications poses a greater security threat than writing them in-house. That said, thirty-five percent don’t consider checking externally procured applications for flaws and vulnerabilities. When examining how concerned respondents were about application security, fifty-five percent of respondents disclosed they were worried because it hadn’t been made a priority for the developers. A further twenty-one percent were rightly disturbed because it is at the bottom of everyone’s mind.
Barmak Meftah, Senior Vice President Products & Technologies, from Fortify Software said, “Although pleased by a reduction in respondents who admit their software applications are vulnerable to attack, eight percent simply isn’t good enough. Today, such an informed audience shouldn’t be citing security concerns as bottom of anyone’s mind or worse not considered a priority. Businesses really should be looking to alleviate the security risks in their applications and achieve software security assurance so that they don’t have to face the expense and embarrassment of being hacked.”
Other Factors
The survey also confirms that the economic downturn is having an impact on organisations’ security, with twenty-three percent reporting an increase in hacking attempts since the economy went into freefall.
Twenty-six percent have been victim to at least one instance of hacking in the last twelve months.
The Fortify Application Security Survey was first carried out at Infosecurity Europe 2008 amongst 300 IT security professionals, who were drawn mainly from 1000+ employee sized companies, and repeated at this year’s event amongst 282 visitors.
Fortify® Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite, Fortify 360, drives down costs and security risks by implementing threat intelligence, automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com.
Source: Eskenzi PR