“When the majority of information security professionals who have at least some oversight over the software development lifecycle are seeking more training and guidance, managers need to take heed”
Palm Harbor, FL (PRWEB) November 9, 2010
(ISC)²® (“(ISC)²-squared”), the world’s largest information security professional body and administrators of the CISSP®, today announced the results of a survey taken last week at its (ISC)2 Security Leadership event, “Secure SDLC: Building Security into the Software Lifecycle,” in Washington, D.C.
The event was part of (ISC)2’s Secure Software Conference Series, launched earlier this year to provide software development personnel and security professionals with analysis and information on the latest issues affecting security throughout the software lifecycle and included topics of concern for both private and public sector organizations.
“When the majority of information security professionals who have at least some oversight over the software development lifecycle are seeking more training and guidance, managers need to take heed,” says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2 and former CIO at the U.S. Department of the Interior.
“In light of the industry’s dependence on Web applications and its rapid migration to virtual and mobile environments, senior management must gain awareness of the grave risks involved with insecure software and create a culture that inspires education for all those involved in the software development lifecycle.”
The audience survey revealed:
- 100 percent believe that insecure software presents a significant threat to the U.S. federal government enterprise.
- 80 percent say their organization does not provide sufficient training and guidance for secure application development and 78 percent say their organization does not provide sufficient training and guidance for secure application delivery.
- 37 percent believe the first priority for improving security across the software delivery lifecycle should be training and education, with 33 percent believing it is top priority to address culture, attitude and mindset within their organizations.
- 78 percent are using or have plans to use virtualization, and 48 percent are using or plan to use cloud. Of the different platforms they are likely to deploy, respondents most need guidance on the security impact of cloud (24 percent) and Software as a Service (SaaS) (16 percent) platforms.
Of the nearly 50 respondents, 51 percent were employed by a federal government contractor, while 16 percent were employed by a federal, state or local government agency, and 18 percent employed by vendors selling to the U.S. federal government.
Full survey results can be downloaded at http://bit.ly/aR62xL
SecureSDLC: Building Security into the Software Lifecycle
Courtney Jewell Beveridge
© 2010, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, and CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.