Symantec polled 400 programmers on the topic of security in application software and has now published part of the results. The survey shows that there is still some room for improvement.
93 per cent of those polled indicated that secure applications are more important today than three years ago. Yet only 70 per cent of the software developers believe that employees consider security aspects during the development process. Their view is even more dim in terms of integrated observance of security requirements: on this point, only a fifth of those polled were convinced that security-minded development is conducted over the entire course of a project.
The programmers are of the opinion that a holistic approach could improve application security. The management of development firms also report an understanding of the priority of security-oriented programming, Symantec claims. Yet the companies also face pressure to bring their products quickly to market, at the cost of reduced security.
Two-thirds of the programmers see application security as part of quality assurance, yet only a third of the companies have implemented quality assurance procedures in that area. Another weakness is in the continuing education of the developers. Only two-fifths of those polled had received training for secure programming.
- Security Hole, Applications Software, Report by Symantec