The survey was conducted through a network of 17 partner organizations that included security research and consultancy companies and industry associations. There were a total of 51 valid responses to our survey that were procured through our 17 project partners.
Key findings of this study are:
. Half of respondents consider security experience important when hiring developers, and a majority provide their developers with security training.
. 38% have a third party firm conduct a security review of outsourced code.
. At least 61% of respondents perform an independent third party security review before deploying a Web application while 17% do not (the remainder do not know or do so when requested by customers).
. Just under half of the surveyed organizations have Web application firewalls deployed for at least some of their Web applications.
Table of Contents
- Participant Profiles
- Motivations for Security Spending
- Security Spending
- Security in Software Development Cycle
- Responsibility for Security Checkpoints
- Security Personnel
- Security Training
- Third Party Security Reviews
- Web Application Firewalls
Descarga: Spending Benchmarks Project Report (March 2009)