Microsoft Study: Less Than Half of Developers Use a Security Process

Less than half of all developers use a security development process when building applications, according to a recent Microsoft study.

In a blog post, Tim Rains, director of Microsoft's Trustworthy Computing effort, said results of a Microsoft study conducted by ComScore showed that security was not considered a "top priority" by 42 percent of developers worldwide when building software.

Moreover, Rains noted that while security development processes have been shown to reduce the number and severity of vulnerabilities found in software, nearly half of all developers—44 percent—do not use a secure application program or process, according to the Microsoft Trust in Computing survey.

The reasons for not using security development processes are varied, Rains said. For 34 percent of developers, "cost is the primary reason for not using a security development process, followed by a lack of support and training—33 percent," he said.

Because of a lack of management approval, 24 percent indicated that they don't use a security development process, he added.

The study also showed that globally, only about two-thirds of developers always take security into account when developing or contracting software. In India, 83 percent of developers always consider security when creating or contracting applications. This is followed by the United States where 72 percent always keep security concerns in mind when developing applications, the survey showed. More information on the survey can be found here.

To help increase adoption of security development practices, Microsoft provides free, downloadable tools and guidance on its Security Development Lifecycle (SDL) Website, Rains said. "Resources such as the Simplified Implementation of the SDL, SDL for Agile guidance, the Threat Modeling Tool and the Attack Surface Analyzer can help automate and enhance the SDL process, gain efficiencies and ease the implementation of the SDL," he said. "To help with implementation, Microsoft's Partner Network includes a number of members committed to helping customers adopt secure development practices based on the SDL."

However, "security isn't the only benefit that comes out of implementing an SDL process, as writing secure code also leads to real cost savings," Rains added. "An independent study by the Aberdeen Group showed that companies adopting a "secure at the source" (meaning a Microsoft SDL-like) strategy realized a fourfold return on their annual investments in application security. Forrester found that those practicing SDL specifically reported a visibly better return on investment."

The Trust in Computing survey was designed to help measure current levels of trust in technology products and services in terms of security and privacy as well as to identify where concerns may be slowing down technology adoption, Rains said.

ComScore surveyed 4,500 consumers, IT professionals and developers in Brazil, Canada, China, Germany, India, Japan, Russia, the United Kingdom and the United States.


Originally published on eWeek.

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Cloud-based applications need to be secure and Okta is an identity network and platform that allows you to safely scale these tools overtime. Read this white paper to learn how you can prepare for customer and employee growth and cloud identity management.

  • On-demand Event Event Date: June 30, 2015 Mitigating voice-facilitated fraud at contact centers is one of the biggest challenges facing financial institutions today. As fraud increases, contact centers have become the weakest link in the financial institutions security chain, and preventing fraud is of the highest priority for many financial firms. Check out this upcoming eSeminar for an overview of best practices in detecting and preventing contact center fraud and caller authentication, along with a …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date