IT security professionals consider off the shelf commercial applications to be riddled with code flaws and vulnerabilities

26 July 2010
According to a survey conducted by Fortify Software, 83% of IT security professionals consider commercial applications, the ones you buy off the shelf, to be riddled with code flaws and vulnerabilities. 56% believe hackers could exploit these flaws.

As a result, security professionals are making heavy investments in penetration and code testing, combined with application scanning, to try and build security into the software. Half of the IT security professionals also admitted to hacking, with 73% of these respondents doing so to test the strength of their own network’s defences, 13% for fun or out of curiosity, and 3% targeting their efforts at the competition.

The survey also unearthed that, amongst the 300 IT security professionals interviewed (with the majority taken from companies employing 1,000 plus employees), 31% admitted to being victims of hacking. More interestingly, with 29% replying ‘don’t know’, this figure could be substantially higher. The majority of respondents cited the application layer to be the hackers’ main target.

57% of the IT security professionals also concur that the best way to check that their software applications are secure and free of vulnerabilities is to combine all available techniques and solutions, including code and static analysis, web application firewalls, application scanners and pen testing. Only 5% of the survey respondents we spoke to said their organisations didn’t employ technology for software security.

Commenting on these results, Barmak Meftah, Chief Products Officer at Fortify Software, said, “It would appear organisations are frustrated with insecure off the shelf solutions, with many obviously feeling there are few alternatives, as they still purchase them. Given that companies have to make a huge investment in applications, whether off-the-shelf, outsourced or built in-house, it is paramount that they use proper procedures (as well as automatic software solutions) to test and strengthen these applications before deployment. On the subject of whether hackers can ever be described as having ‘good’ intentions, I’d rather be on the side of a hacker working to bring security vulnerabilities to my attention so that I can fix them before deploying an application that exposes my business to risk.”

Of those in this survey who admitted to previous hacking knowledge and experience, 42% learnt in their twenties and 14% in their teens. Most people learnt to hack at work (29%), on the Internet (26%) or at university (13%); 8% gained their hacking skills whilst still at school and 8% used friends to help them hone their talent.

 
