Resources for Federal Financial Institutions Examination Council (FFIEC)

How to ensure outsourced software development is secure

www.it-director.com

It depends on who you ask, but Codenomicom of Finland, a provider of software testing tools, reckons that 80% of security problems are caused by programmers writing insecure code. Much of this is the result of development schedules being too tight. Given that software applications contain thousands or even millions of lines of code, it is more than likely that some programming errors are made that could leave the application vulnerable to attack.

The fact that software applications can contain flaws is nothing new. But a recent survey by Quocirca of 250 organisations shows that not only are businesses increasingly relying on bespoke or modified software applications, which they see as critical for their business, but not enough of them are employing automated tools for testing those applications for security vulnerabilities.

Another practice that is increasingly being seen is the outsourcing of code development to third parties. This can be a less costly option than developing the code in-house, especially where a business does not have sufficient resources of its own. But when such an essential process is placed in the hands of a contractor, extra care must be taken to ensure that secure coding practices are used and that applications are thoroughly tested.

View the Resource

Share or bookmarklet this web page at: