- The cost of breaches due to poorly designed applications is reaching a tipping point that will force enterprises to re-evaluate their development priorities.
- The need for greater collaboration between development and security groups as well as better education and training in secure code development has never been greater.
The IT industry is getting to a point in the evolution of cybercrime where it will have to truly pay more attention to secure applications development. Right now developers are not properly trained or incented to create secure applications – they are incented to write more code that addresses specific business functions. Enterprises do not pay enough attention to how well systems and applications can stand up to malware, and that inattention has come back to haunt them. The reliance on bolt-on security—security that is largely an afterthought to the full lifecycle of enterprise applications—is the norm. And the constant search for vulnerabilities, notification of such vulnerabilities, patching and so on is costly, complex and error prone. Two of the largest breaches reported in 2011—the Sony and RSA breaches—were the result of unpatched software. (It should be noted that the RSA breach cost the company $66 million, and one estimate on Sony’s damage went as high as $1.25 billion.) It should be broadly understood at this point in time that it is much more expensive to remediate vulnerabilities after applications are released into production than it is to fix those issues during the design phase. Continue reading “Enterprises Should Emphasize Secure, Not Rapid, Application Development”