
Driving to Root Cause Vulnerability Remediation

  • December 2013
  • 10 pages
  • Frost & Sullivan
Report ID: 1936435

Summary

Introduction

Executives in charge of their organization’s data and infrastructure security have concerns. Top of the list is application vulnerabilities; that is, the looseness in application software code and logic that provides attackers the means and opportunity to pursue their nefarious activities (e.g., exfiltrate valuable data, steal intellectual property, disrupt operations, and damage the victim’s public reputation). Confirming this concern is a 2012 global survey of information security professionals, commissioned by (ISC)² and conducted by Frost & Sullivan.
As shown in this chart, percent of security executives rated application vulnerabilities as either a top or high concern. This number one ranking is not exclusive to security executives. Near equal levels of concern were expressed by all categories of security professionals (e.g., security architects, auditors, managers, and security analysts) regardless of industry vertical and company size. In other words, application vulnerabilities are a recognized, pervasive, and significant security concern.

Reducing the number and severity of application vulnerabilities during software development would seem to be the most logical remedy to this situation. Yet, as discussed in this SPIE, involvement in secure software development by security professionals pales relative to their level of concern over application vulnerabilities. Additionally, form and function priorities for application developers keep secure software development at the low end of their priority ladders.
These points notwithstanding, there is reason to be optimistic that secure software development will gain increasing favor among application development and security teams. While far from an immediate sea-change, several factors described in this SPIE are coalescing to move the needle on secure software development.

Limited Involvement in Secure Software Development

As stated in the Introduction, security professionals are not extensively involved in secure software development. This is not to say that there are no security professionals deeply engaged; rather, the degree of involvement pales when compared to the degree of concern expressed by the community of security professionals.
From the survey, there are two prominent data points that highlight this community’s limited involvement. First is how much and where they are involved in software development. The survey points to low personal involvement—only percent of the surveyed security professionals state that they are personally involved in software development; and percent indicated that they are involved in software procurement. Their involvement is, as shown in this chart, also not uniform across the multiple stages of the software lifecycle, and is heaviest in specifying requirements. With the potential of application vulnerabilities being introduced at all stages in the software lifecycle, and severity being a function of the evolving threat environment (i.e., through persistence and time, attackers discover vulnerabilities and learn how best to exploit them), this non-uniformity in security professionals’ engagement is disconcerting.

With only a small set of security professionals personally active in either secure software development or software procurement, the question is: which security operations activities are consuming their time and talents? That answer is shown in the chart at the left, which leads to another question. If more attention were placed on secure software development by security professionals, might the time spent on these other security operations activities be reduced? Potentially yes; but the time spent must also be effective; and that requires knowledge and skill—which leads to the second data point on security professionals’ limited involvement in secure software development.
Here too, the survey responses offer little assurance that the community of security professionals has the set of skills necessary to be effective. Only one percent of the surveyed security professionals claim to have the Certified Secure Software Lifecycle Professional (CSSLP) certification. For a profession that emphasizes certification as a demonstration of proficiency, this too is disconcerting with regard to the effectiveness of security teams in ensuring that applications are designed to operate securely.
