Follow ITProPortal:

RSS Tweet Digg

Outsource your code & you're more likely to be hacked

Of the organisations in this study that state software code development is business critical or important to them, 50 percent outsource more than 40 percent of their code development needs.

Statistics already show that the software application layer is where most hackers are accessing critical data. According to NIST (National Institute of Standards and Technology), 92 percent of vulnerabilities affecting computer networks are contained in software applications. As organisations increasingly look to outsource application development, more components of software applications are being developed outside of their direct control.

An organisation that has not developed the code itself can never be absolutely certain that it is secure.

However strong a relationship with a third-party developer, or watertight the service-level agreements in place, a rogue developer can place vulnerabilities in the code that they develop - for example, by placing a backdoor in software that can be used to infiltrate a network in the future.

This is something TD Ameritrade found out to its cost when it was forced to disclose in 2007 that personal details regarding 6.3 million customers had been leaked through a vulnerability caused by a backdoor created by an outsourced programmer.

Howard Schmidt, Member of Fortify Software Board of Directors and previously Cyber Security Advisor for the White House, said: “These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code.”


Team Quocirca
