'Cybersecurity Market Report' Throws Light on Weaker Side of Organizational Security Practices

By CIOReview | Monday, September 14, 2015

NORTHPORT, NY: Code Dx, the software solutions provider, releases the ‘Cybersecurity Market Report’ for Q3 2015, published by the cybersecurity research and market intelligence firm Cybersecurity Ventures.

Code Dx sponsored the ‘Application Security Report’, which asserts that poor software development practices may be the biggest cyber-threat. As a solution, Steve Morgan, Founder and CEO at Cybersecurity Ventures, offers his view: "Software coders can use Code Dx to wrap security around their apps from the ground-up, and to analyze their legacy apps for vulnerabilities."

"The report really highlights the challenges software developers and security analysts face today and the need to perform application security testing throughout the software development process from early stages through post-release," said Anita D'Amico, Ph.D., CEO for Code Dx.

The report contains an overview of software development and application security trends, statistics, best practices, and resources for chief information security officers (CISOs) and IT security staff.

The report highlights that information security engineers do not completely understand software development, and that software developers have less knowledge of security.

The U.S. Department of Homeland Security (DHS) reveals that 90 percent of security breaches are the result of exploits against defects in the software, while the National Security Agency's (NSA) Center for Assured Software (CAS) disclosed that an average application security testing tool can cover only 14 percent of the total code area.

In support of the above statistics, Frank Zinghini, CEO of Applied Visions, points out that the security industry mostly concentrates on the known vulnerabilities and is under-focused on vulnerabilities that hackers can exploit.

Also, Tim Clark, Head of Brand Journalism at SAP, states that 84 percent of organizations are being attacked in spite of deploying network security solutions, as attackers concentrate on the application layer, which is left unattended.