Application Security: Why is Everybody Always Picking on Me?

Monday, March 19, 2012

Fergal Glynn

68b48711426f3b082ab24e5746a66b36

Article by A. Reed

The Story of the Small and Medium Independent Software Provider in a Risk-Averse World

Small or Medium Independent Software Providers value fast development-to-production timeframes. They want to pay great developers to create great functionality, and get a great product out the door… FAST!

The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production of these types of apps, but perhaps more importantly, the widening gap between speed-to-market and software security quality.

The application security problem reaches well beyond the Fortune 500. Mid-market businesses in software, retail, banking, are under fire just like the big boys. To compound the problem, software security verification has historically been a time intensive process that placed much strain on the limited resources of fast growing ISVs.

Large enterprises can address the problem with Board level directives to contain the application security threat. At Veracode we see this ringing clearly across security conscious industries like financial services, defense, software, banking, healthcare, and e-commerce.

Large enterprises are also setting up application security programs to reduce the risk introduced into their respective organizations by 3rd party software. We see that smaller ISVs are faced with a unique set of challenges when it comes to building secure software quickly and cost-effectively under increasing demands for a faster speed-to-market.

The good news for ISVs is that there is a solution to avoiding painful and time-consuming ad-hoc audits when selling into the enterprises of any size, WITHOUT lengthening your development process.

This solution involves taking the time and headaches out of application security testing (so it can be done fast and in the normal flow of developing) and educating developers on what they are doing right and what they can improve on in terms of building software securely in the first place.

That way small ISVs are developing more securely from the start and validating every-one of their applications before they ship.

With enterprise-class validation reports in-hand BEFORE they approach their customers, smaller ISVs can not only avoid the sudden unpleasantness of an auditing process, but may now leverage software security as a competitive differentiator… without even breaking a sweat.

Enabling small-to-medium size companies to avoid inheriting vulnerability from software they didn’t write, and empowering software providers to sell more secure products, faster, with greater confidence… that is the power of proactive application security verification.

Hundreds of our clients in the mid-market, facing stringent security requirements from their customers or demands from regulatory auditors sell their software products and services faster by nipping the security question in the bud.

Cross-posted from Veracode

Possibly Related Articles:
5231
Webappsec->General
Software
Testing Application Security Vulnerabilities Security Audits Secure Coding Third Party Standards Software Security Assurance vendors
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.