IT Professionals Are Hacking Their Own Enterprises To Keep Intruders Out

Survey also finds 31% of companies have fallen foul of hackers

London, (PresseBox) - A survey of IT security professionals has discovered that 83% consider commercial applications, the ones you buy off the shelf, to be riddled with code flaws and vulnerabilities. That's the discovery of a survey conducted by Fortify Software, a leader in Software Security Assurance (SSA) solutions, who found that 56% believe these flaws could allow hackers to exploit these software vulnerabilities. As a result, security professionals are making heavy investments in penetration and code testing, combined with application scanning, to try and build security into the software. Half of the IT security professionals also admitted to hacking, with 73% of these respondents doing so to test the strength of their own network's defences, 13% for fun or out of curiosity, and 3% targeting their efforts at the competition.

Compiled at this year's Infosecurity Europe 2010, the survey also unearthed that, amongst the 300 IT security professionals interviewed (with the majority taken from companies employing 1,000 plus employees), 31% admitted to being victims of hacking. More interestingly, with 29% replying 'don't know', this figure could be substantially higher! The majority of respondents cited the application layer to be the hackers' main target.

57% of the IT security profession also confer that the best way to check that their software applications are free of vulnerabilities and secure is to combine all available techniques and solutions, including code and static analysis, web application firewalls, application scanners and pen testing. Only 5% of the survey respondents we spoke to said their organisations didn't employ technology for software security.

Commenting on these results, Barmak Meftah, Chief Products Officer at Fortify Software said, "It would appear organisations are frustrated with insecure off the shelf solutions, with many obviously feeling there are few alternatives, as they still purchase them. Given that companies have to make a huge investment in applications, whether offtheshelf, outsourced or built inhouse, it is paramount that they use proper procedures (as well as automatic software solutions) to test and strengthen these applications before deployment. On the subject of whether hackers can ever be described as having 'good' intentions, I'd rather be on the side of a hacker working to bring security vulnerabilities to my attention so that I can fix them before deploying an application that exposes my business to risk. "

Of those in this survey that admitted to previous hacking knowledge and experience, 42% learnt in their twenties and 14% in their teens. Most people learnt to hack at work -- 29%; on the Internet, 26%; at University, 13%; and 8% gained their hacking skills whilst still at school and 8% used friends to help them hone their talent.

Press releases you might also be interested in

Weitere Informationen zum Thema "Security":

WSUS-Grundlagen für Admins

Die In­stal­la­ti­on von Win­dows-Up­da­tes oder Pat­ches für Mi­cro­soft-Pro­duk­te möch­ten Ad­mi­ni­s­t­ra­to­ren sel­ten ganz dem An­wen­dern über­las­sen. Will man die Up­da­tes ef­fi­zi­ent, zur pas­sen­den Zeit und oh­ne ex­t­re­me Aus­las­tung der ei­ge­nen In­ter­net­lei­tung im Netz­werk ver­tei­len, kommt man um Win­dows Ser­ver Up­da­te Ser­vices (WSUS) nicht her­um. Im ers­ten Teil der WSUS-Vi­deo-Tipp-Se­rie zei­gen wir die wich­tigs­ten Grund­la­gen für In­stal­la­ti­on und Ein­satz von WSUS.


Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.