jueves, 26 de marzo de 2009

OWASP Security Spending Benchmarks Project Report (March 2009)

El primer reporte OWASP Security Spending Benchmarks ya esta publicado (Ingles)

The survey was conducted through a network of 17 partner organizations that included security research and consultancy companies and industry associations. There were a total of 51 valid responses to our survey that were procured through our 17 project partners.

Key findings of this study are:
. Organizations that have suffered a public data breach spend more on security in the development process than those that have not.
. Web application security spending is expected to either stay flat or increase in nearly two thirds of companies.
. Half of respondents consider security experience important when hiring developers, and a majority provide their developers with security training.
. 38% have a third party firm conduct a security review of outsourced code.
. At least 61% of respondents perform an independent third party security review before deploying a Web application while 17% do not (the remainder do not know or do so when requested by customers).
. Just under half of the surveyed organizations have Web application firewalls deployed for at least some of their Web applications.

Table of Contents
- Survey Results
- Participant Profiles
- Motivations for Security Spending
- Security Spending
- Security in Software Development Cycle
- Responsibility for Security Checkpoints
- Security Personnel
- Security Training
- Outsourcing
- Third Party Security Reviews
- Web Application Firewalls

Descarga: Spending Benchmarks Project Report (March 2009)

Link relacionado:
- OWASP Security Spending Benchmarks
- More companies seek third-party Web app code review, survey finds

No hay comentarios: