Secure at the Source

Ounce Labs, an IBM Company

Countless studies and analyst recommendations suggest the value of improving security during the software development life cycle rather than trying to address vulnerabilities discovered in software after widespread adoption and deployment. The justification is clear. For software vendors, security flaws found in their products incur costs both directly and indirectly. Reassigning development resources to create and distribute patches can often cost software vendors millions of dollars, while successful exploits of a single vulnerability have in some cases caused billions of dollars in losses to businesses worldwide. Vendors blamed for vulnerabilities in their product's source code face losses in credibility, brand image, and competitive advantage. A 2005 study by Carnegie Mellon found that the stock price of vendors declined an average of 0.63 percent relative to the NASDAQ after a vulnerability was discovered in their software.

Published:  Dec 29, 2009
Length:  24
Type:  White Paper
Tags: source code vulnerability testing, independent model, centralized model, distributed model, software development life cycle, source code scanning, application security, source code security testing