Following Best Coding Practices Doesn't Always Mean Better Security

Submitted by wiredmikey
wiredmikey (1824622) writes "While some best practices such as software security training are effective in getting developers to write secure code, following best practices does not necessarily lead to better security, WhiteHat Security has found.

Software security controls and best practices had some impact on the actual security of organizations, but not as much as one would expect, WhiteHat Security said in its Website Security Statistics Report. The report correlated vulnerability data from tens of thousands of Websites with the software development lifecycle (SDLC) activity data obtained via a survey. But there is good news — as organizations introduced best practices in secure software development, the average number of serious vulnerabilities found per Website declined dramatically over the past two years.

"Organizations need to understand how different parts of the SDLC affect how vulnerabilities are introduced during software development," Jeremiah Grossman, co-founder and CTO of WhiteHat, said.

Interestingly, of all the Websites tested under the study, 86 percent had at least one serious vulnerability exposed to attack every single day in 2012, and on average, resolving vulnerabilities took 193 days from the time an organization was first notified of the issue."
