What are application security initiatives?

What are application security initiatives and why would a company need one? SearchAppSecurity.com expert Jeff Williams explains.

I've been reading and hearing about application security initiatives. What are these and why would a company need one?
Today, every business function relies on custom software applications. These applications are typically built under tremendous time pressures by internal or contracted developers to fulfill a specific business need. Organizations need to be able to trust that this software has appropriate security mechanisms to thwart attacks and that the code does not contain vulnerabilities. Even software product companies have an extremely difficult time achieving trustworthy code, and experience shows that most custom applications have far more vulnerabilities than products. Recent market trends show a clear pattern: Organizations need an application security initiative in order to achieve this level of trust in their custom-built applications.

Application security initiatives typically start with efforts to identify which activities make sense for a particular company's culture and development process. Generally, assessments of key applications and developer training are good places to gather the necessary data. Based on this data and analysis of the organizational root causes of issues identified, targeted improvements can be made. The first targeted improvement might focus on process improvements such as integrating security requirements, threat modeling and security testing. Or it might target supporting technology, such as vulnerability analysis tools, development environment additions, or security issue management tools. In some organizations, the right first step is organizational, establishing an application security team to support a large number of projects.
This was last published in January 2006
