WALTHAM, Massachusetts, October 27 /PRNewswire/ --
- Survey Finds Global Financial and Transportation Organizations Lagging in Implementing Application Security Requirements
What: Ounce Labs, the industry leader in static application security testing (SAST), today released the findings of an independent survey report by Quocirca Ltd. that examines application development outsourcing practices from 200 of the largest organizations in the UK and the U.S. One of the more surprising report findings reveals that financial and transportation organizations are lagging in implementing application security requirements in their outsourced development projects.
Details: As outsourcing continues to be a strategy used by organizations to reduce costs and increase value, but it is not without risks. As organizations push out more of their custom software application development needs to outsourcing partners, careful planning is required in terms of building stringent software security requirements into contracts and creating a process and metrics to ensure that those requirements are met.
Key survey findings include: - Retailers test outsource applications at twice the rate of financial services firms. 82 percent of retailers test their applications for the most common vulnerabilities while only 40 percent of finance firms do so. - Only 32.5 percent of finance firms check code with automated scanners compared to 62.5 percent of retailers. - Only 47.5 percent of finance firms mandate controls over who handles their data compared to 70 percent in the public sector and 72.5 percent of retailers. - Only 37.5 percent of finance firms demand any certification of their service providers compared to 82.5 percent in public sector and retail organizations.
Experts available: Jack Danahy, founder and chief technology officer of Ounce Labs, is one of the industry's most prominent advocates for putting the proper processes and checks in place to ensure outsourced applications are free of security vulnerabilities. He worked with one of the nation's leading law firms to develop proposed contract language to help organizations outsourcing development ensure source code security in the delivered software.
Fran Howarth, author of the report and principal analyst for Quocirca, focuses on emerging technologies and business models. Her main areas of coverage include enterprise applications, such as supply chain and lifecycle management, information management, security, and the convergence of physical and IT security and asset management, as well as new business models such as outsourcing and managed services. Her focus is on the business value created by the use of technology for facilitating streamlined business processes.
To read the full report, visit http://www.ouncelabs.com/secureoutsourcing
About Quocirca
Quocirca is a primary research and analysis company specializing in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organizations.
About Ounce Labs, Inc.
Ounce Labs' industry-leading Static Application Security Testing (SAST) suite brings enterprise-wide awareness of business critical vulnerabilities. With this ability to identify and prioritize issues, organizations have the information they need to address their greatest risks. Ounce's patented source code analysis delivers the scalability and automation to help organizations such as EDS, IBM, Intel, and Lockheed Martin strengthen application security and protect confidential information. Ounce also helps organizations to verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.
Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners.
MEDIA CONTACTS: Rachel O'Connell Brenda Menard Ounce Labs Davies Murphy Group +1-781-547-7016 +1-781-418-2435 Rachel.OConnell@ouncelabs.com ounce@daviesmurphy.com http://www.ouncelabs.com http://www.daviesmurphy.com Web Site: http://www.ouncelabs.com/secureoutsourcing http://www.ouncelabs.com
Rachel O'Connell of Ounce Labs, +1-781-547-7016, Rachel.OConnell@ouncelabs.com; or Brenda Menard of Davies Murphy Group, +1-781-418-2435, ounce@daviesmurphy.com
Comments