Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Do application security initiatives work?

Application security initiatives sound good in theory, but do they work? SearchAppSecurity.com expert Jeff Williams says yes. Read his explanation here.

Application security initiatives sound good in theory, but do they work?
Many organizations have started an application security initiative to improve their ability to produce secure code. These programs involve training, team-building, software lifecycle process improvements and technology to support securing applications. Several vendors, including Microsoft, Oracle, RedHat and Compuware have publicly committed to these initiatives. Product vendors are now starting to report the benefits of these initiatives. Microsoft, for example, has noted a 60% drop in application security issues on projects where their secure development lifecycle is followed.

Many private companies have also started such efforts. Several have saved development costs and protected their reputation by identifying application security issues early in their software development lifecycle. Many smaller companies are also starting to recognize the business necessity of being able to produce trustworthy software. Soon, one can predict that all organizations producing software will be expected to have an application security initiative in place.
This was last published in January 2006

Dig Deeper on Building security into the SDLC (Software development life cycle)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.