Message for application development security is getting through to developers agree experts

(PresseBox) ( San Mateo, CA, )
Research just released in the US claims to show that the message about secure coding is starting to get through to software developers in large organisations. And, says Fortify Software, this is excellent news, as it means that customised and inhouse developed applications should start to be less liable to security flaws and loopholes.

"The research from our colleagues at Errata Security is interesting since it shows the uptake of software security assurance platforms from the likes of Microsoft is moving forward," said Richard Kirk, European director with the application vulnerability specialist.

"Besides finding that Microsoft SDL and Microsoft SDL-Agile are the most popular secure coding platforms in use, the study's researchers also found that more than half of those interviewed included preventative security activities in the development lifecycle of their software," he added.

According to the Fortify director, the study also found that firms with product development teams of under 10 people manage to implement formal methodologies more successfully than companies of more than 100 members of staff.

Kirk went on to say that Fortify's own observations have shown that the main causes of software vulnerabilities stem from the early stages of the software development lifecycle.

"Our own research, he explained, tells us time and time again about the need for regular code auditing as part of a development process, as this ensures that software that is being developed is inherently secure," he said.

"In other words 'building security in' - as opposed to attempting to add it after the fact - is the best option. This approach is not only more cost effective, but also results in applications that are much more secure because security was considered at every stage in the development process," he said.

"Errata's research is excellent news for any organisation that uses software in any shape or form, as it shows the message that application security is a distinct, but essential, part of information security is getting through to where it matters - the software developers," he added.

For more on the research results:

For more on Fortify Software:
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an