The U.S. Department of Homeland Security (DHS) states that 90 percent of security incidents result from exploits against defects in software. That’s a big statement – and it implies that poor software development may be the biggest cyber threat of all.
You have to wonder whether that’s an isolated finding in the context of DHS’s own experience – or whether CISOs, IT security professionals, researchers and analysts, software developers, and application vendors agree.
The “Forrester Wave: Application Security Report”, which evaluates vendors for security and risk professionals, says many firms have rushed to bring applications online without thinking about the security of the applications themselves: building out consumer-facing websites, buying commercial off-the-shelf (COTS) products, and developing mobile applications to enable and engage with their customers and partners. As a consequence, businesses are exposing their most sensitive corporate and customer data to possible external threats and breaches.