Although down by eight percent from last year’s survey, Fortify finds the results disturbing.
Barmak Meftah, senior vice president, products & technologies at Fortify Software, said: “Although pleased by a reduction in respondents who admit their software applications are vulnerable to attack, eight percent simply isn’t good enough. Today, such an informed audience shouldn’t be citing security concerns as bottom of anyone’s mind or worse not considered a priority. Businesses really should be looking to alleviate the security risks in their applications and achieve software security assurance so that they don’t have to face the expense and embarrassment of being hacked.”
Almost half (46%) of the IT professionals said that hacking at the application level is the easiest way into a company – an increase of a third over 2008 results, Fortify said. 5% said that 76-100% of hacks are targeted at applications.
Furthermore, a third of respondents said they believe buying external applications could pose a greater security threat than when writing them in-house, but worryingly, 35% did not consider checking these externally procured applications for flaws and vulnerabilities.
Over half (55%) of the IT professionals said they are worried about application security because it has not been made a priority for the developers. Perhaps even worse, 21% expressed concern because application security seem to be at the bottom of people’s minds at the same time as 23% of respondents said there has been an increase in attacks since the start of the economic downturn with 26% of respondents having fallen victim to at least one instance of hacking over the last year.