Thursday, April 10, 2008

Firms overlook security when outsourcing software development


Frequent hacking victims all outsource a portion of their programming, says research

Companies that say they are frequently hacked all outsource part of their software programming, and 90 per cent of them outsource at least 40 per cent, according to a survey by analyst Quocirca.

Sixty per cent of companies that outsource their coding said they do not mandate built-in security for their applications.

And a further 20 per cent of UK firms said they do not even consider security when developing applications.

Built-in security is not being taken seriously enough, said Fran Howarth, principal analyst at Quocirca and author of the report.

“The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely,” said Howarth.

“Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications — without which they could be playing into the hands of hackers.”

Half of firms that consider software development to be business critical or important outsource more than 40 per cent of their programming needs.

Fifty-five per cent of public sector organisations outsource more than 40 per cent of their coding and 64 per cent say development is only moderately important.

Utility companies place the greatest importance on software development, with 90 per cent citing it as important or business critical. Only seven per cent of utilities outsource more than eight per cent of code development.

The survey questioned 250 senior executives and IT directors at medium to large firms in the UK, US and Germany.