9 April 2008
Organisations that are frequently hacked almost certainly outsource at least some of their application coding, according to a new report by Quocirca.
The technology analysis group says companies are failing to build in security when they outsource the development of their critical applications.
The firm warns that a ‘chilling’ one in five UK companies do not even consider security when building their applications. Moreover, more than 60 per cent of companies overall that outsource the coding of their critical applications do not mandate that security must be built into the applications.
The survey of 250 C-level executives and IT directors, mainly from corporations with more than 1,000 employees in the UK, US and Germany, found that 90 per cent of the firms that had been hacked outsource more than 40 per cent of their code. Of the organisations stating that software code development is business critical or important to them, 50 per cent outsource more than 40 per cent of their code development needs.
Statistics already show that the software application layer is where most hackers gain access to critical data. According to the National Institute of Standards and Technology, 92 per cent of vulnerabilities affecting computer networks are contained in software applications.
This could be a growing problem: as organisations increasingly look to outsource application development, more components of their software applications are being developed outside their direct control.
Fran Howarth, principal analyst at Quocirca and author of the report, said: “The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely. Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications — without which they could be playing into the hands of hackers.”