Forrester's "Application Risk Management in Business Survey" research, commissioned by application risk management platform supplier Veracode, surveyed more than 200 respondents from 180 different businesses across various industry sectors. Development, security and risk professionals across the UK and US were interviewed.
Most of the respondents' security breaches were due to the exploitation of vulnerabilities in their critical software applications.
Insecure software is a top priority for management and developers alike. While companies feel they know the make-up and business criticality of their mixed application portfolios, there is little confidence in the security quality of their applications.
The UK uses less open source and outsourced applications extensively for business-critical functions and has a lower ratio of security personnel to developers, but the results in terms of breaches were in essence the same, the review concluded.
Only 34 percent of companies have a comprehensive software development lifecycle (SDLC) that includes application security.