Application developers continue to view security as an afterthought but security professionals recognize that applications represent the enterprise’s largest attack surface, ranging from mobile phones to iPads, tablets, and online banking tools.
- Application vulnerabilities were identified as the number one security threat – 69 percent of professionals identified it as a high concern
- Software is most critical component to secure infrastructure – Above commercial software (61 percent) and hardware (53 percent) solutions, respondents identified secure software development as the highest rated tool necessary to secure an organization’s infrastructure
- The bigger the organization, the bigger the problem – Concerns around software security increase with company size, perhaps correlated with the greater amounts of software development in large companies, versus smaller companies that rely heavily on commercial applications
- Security’s soft underbelly – Insecure software was a contributor in approximately one-third of attributable security breaches.
- Disconnect – Only 21 percent of information security professionals are involved in software development, 20 percent in procurement, and 10 percent in outsourcing. Most respondents (75 percent) become involved during the specification requirements phase of development.
- Lack of staff – Around half of employers see their security team as understaffed.
- Application vulnerabilities are the number one security concern for 72 percent of C-level executives.
- Almost half of security organizations are NOT involved in software development.
- Insecure software was a contributor in approximately one third of the 60 percent of detected security breaches in 2011.
- Application security, malware, and mobile threats top the list of external concerns.