|
Secure Your Applications From The Start |
|
|
|
Source: Security Pipeline - Posted by Eric Lubow
|
Information security in financial services is one of the highest priorities for C-level executives. CEOs don't want the bad press and liabilities associated with a security breach, and CIOs know that their phones will be the first to ring if data is compromised. Adding to the urgency of the issue, the number of reported security vulnerabilities and the cost per incident continue to rise, according to the 2005 Computer Security Institute/FBI Computer Crime and Security Survey. But most IT shops don't properly test applications for security flaws during the development life cycle, resulting in apps riddled with vulnerabilities. Too often, security and application development are viewed as separate disciplines. Part of the problem is that security teams often are called in to add security to software post-development, rather than working alongside developers during the development process.
"There's a lack of knowledge by most developers about what vulnerabilities they're supposed to be looking for when they build software," says Ted DeZabala, principal of the securities services group at Deloitte & Touche. As a result, vulnerabilities often aren't adequately addressed. The Depository Trust & Clearing Corp., which handled more than $1 quadrillion in securities transactions last year, is one company that's tackling this issue head on. By using a customized software security development process, it's building security into its software during the development stage and advising other financial institutions to do the same.
Read this full article at Security Pipeline
Powered by AkoComment! |
