The application development process is rife with security risks due to current business pressures, according to new research released at Black Hat USA 2015 by Prevoty.
From competing business pressures to secure code training to scanning false negatives, developers have their backs to the wall when it comes to developing and releasing applications that not only perform the function they are designed to perform, but also do so in a way that protects the company’s prized data.
Security is left to the last minute — if considered at all. Nearly half of those surveyed say they knowingly release applications with vulnerabilities at least 80 percent of the time.
The survey report (registration required), titled “The Impact of Security on Application Development,” revealed fast-growing business demands for IT security as more enterprises move their applications to the cloud and rely on third-party software to optimize their end-to-end operations. Doing so helps the enterprise deliver more functional applications to support the business, but it also broadens the attack surface.
“Despite allocating millions of dollars to developing applications, enterprises still underinvest in a critical component: securing their applications against attacks,” said Julien Bellanger, co-founder and CEO of Prevoty. “Identifying vulnerabilities is important, but nothing is actually solved without remediation. Our research shows that vulnerability remediation is significantly impeding enterprises’ ability to release applications on time and on budget.”
Key takeaways from the survey responses include:
- 85 percent say vulnerability remediation has a significant impact on the ability to release applications and features on schedule and on budget.
- More than 70 percent admitted that business pressures to quickly release application updates often override security concerns.
- Nearly 80 percent of developers worry that their clients won’t trust their applications if they admit there is a security flaw.
- Nearly half (43 percent) admit to releasing applications with vulnerabilities at least 80 percent of the time.