SOURCE: Aberdeen Group
January 13, 2011 11:00 ET
Application Security Done Right the First Time: Secure at the Source
Top Performers Invest More Annually in Their Application Security Initiatives, but Realize a Higher Return by Identifying and Remediating More Vulnerabilities Prior to Deployment
BOSTON, MA--(Marketwire - January 13, 2011) - In the finale of a four-part study on application security by Aberdeen, a Harte-Hanks Company (NYSE: HHS), Aberdeen's analysis of companies adopting the "secure at the source" strategy -- i.e., the integration of secure application development tools and practices into the software development lifecycle, to increase the elimination of security vulnerabilities before applications are deployed -- found that they realized a very strong 4.0-times return on their annual investments, higher than that of both the "find and fix" and "defend and defer" alternative approaches. Although the secure at the source approach is currently the least commonly implemented, Aberdeen's research confirms that it is maturing and transitioning from early adoption to mainstream use.
As part of its benchmarking process for the Security and the Software Development Lifecycle: Secure at the Source report, Aberdeen adapted a simplified version of the Microsoft Software Development Lifecycle (SDL) as a yardstick for measuring current practices. "To be clear, few companies may be in a position for full-scale adoption of the Microsoft SDL framework -- nor would they necessarily want to do so," said Derek Brink, vice president and research fellow for IT Security, Aberdeen Group. "In Aberdeen's view, the pragmatic approach is to leverage the best features of the Microsoft SDL as they apply to your organization, just as one would leverage the best of any other time-tested industry standard. Discard the rest."
The high-level takeaway from Aberdeen's analysis is that the secure at the source users are more consistent and more mature in their adoption of the secure application development practices represented by the Microsoft SDL. For example, in the design phase of the software development lifecycle, 77% of the secure at the source users indicated that functional specifications accurately and completely describe the intended use of features or functions for their applications, compared to just 53% for the industry average. Readers who are actively evaluating their own secure application development practices may wish to use the Secure at the Source study to make a careful comparison of the biggest differences, as well as their own current capabilities, for each of the analysis, design, implementation, testing and release phases of the software development lifecycle.
A complimentary copy of the Security and the Software Development Lifecycle: Secure at the Source report is available at: http://www.aberdeen.com/link/sponsor.asp?spid=30410182&cid=6983&camp=2
To take a complimentary interactive assessment that can help you to identify the strategies, capabilities, and technologies used by companies with top performance in the area of application security, visit: http://assessment.aberdeen.com/cY1MyjqbaO/index.aspx.
Visit Aberdeen.com for additional access to complimentary IT Security Research.
To view complimentary 30-minute webcasts highlighting findings from this and other Aberdeen IT Security research, visit www.brighttalk.com/channel/290.
About Aberdeen Group, a Harte-Hanks Company
Aberdeen provides fact-based research and market intelligence that delivers demonstrable results. Having queried more than 30,000 companies in the past two years, Aberdeen is positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen for insights that drive decisions.
As a Harte-Hanks Company, Aberdeen plays a key role in putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks, call (800) 456-9748.
(C) 2010 Aberdeen Group, Inc., a Harte-Hanks Company
451 D Street, Suite 710
Boston, Massachusetts 02210-1928
Telephone: (617) 854-5200
Fax: (617) 723-7897