Microsoft Study: Less Than Half of Developers Use a Security Process

Less than half of all developers use a security development process when building applications, according to a recent Microsoft study.

In a blog post, Tim Rains, director of Microsoft's Trustworthy Computing effort, said results of a Microsoft study conducted by ComScore showed that security was not considered a "top priority" by 42 percent of developers worldwide when building software.

Moreover, Rains noted that while security development processes have been shown to reduce the number and severity of vulnerabilities found in software, nearly half of all developers—44 percent—do not use a secure application program or process, according to the Microsoft Trust in Computing survey.

The reasons for not using security development processes are varied, Rains said. For 34 percent of developers, "cost is the primary reason for not using a security development process, followed by a lack of support and training—33 percent," he said.

Because of a lack of management approval, 24 percent indicated that they don't use a security development process, he added.

The study also showed that globally, only about two-thirds of developers always take security into account when developing or contracting software. In India, 83 percent of developers always consider security when creating or contracting applications. This is followed by the United States where 72 percent always keep security concerns in mind when developing applications, the survey showed. More information on the survey can be found here.

To help increase adoption of security development practices, Microsoft provides free, downloadable tools and guidance on its Security Development Lifecycle (SDL) Website, Rains said. "Resources such as the Simplified Implementation of the SDL, SDL for Agile guidance, the Threat Modeling Tool and the Attack Surface Analyzer can help automate and enhance the SDL process, gain efficiencies and ease the implementation of the SDL," he said. "To help with implementation, Microsoft's Partner Network includes a number of members committed to helping customers adopt secure development practices based on the SDL."

However, "security isn't the only benefit that comes out of implementing an SDL process, as writing secure code also leads to real cost savings," Rains added. "An independent study by the Aberdeen Group showed that companies adopting a "secure at the source" (meaning a Microsoft SDL-like) strategy realized a fourfold return on their annual investments in application security. Forrester found that those practicing SDL specifically reported a visibly better return on investment."

The Trust in Computing survey was designed to help measure current levels of trust in technology products and services in terms of security and privacy as well as to identify where concerns may be slowing down technology adoption, Rains said.

ComScore surveyed 4,500 consumers, IT professionals and developers in Brazil, Canada, China, Germany, India, Japan, Russia, the United Kingdom and the United States.


Originally published on eWeek.

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • With the average cost of a data breach reaching $3.5 million, the pressure is intense to maintain the security and compliance of your data center. It only takes one breach and the cost to your organization can spiral out of control. In this white paper, you will discover how your organization may be at risk and how you can protect your data center from costly and highly visible breaches. Through the Intelligent Compliance process, you will learn how you can: Automate the discovery process for your …

  • As mobile devices have pushed their way into the enterprise, they have brought cloud apps along with them. This app explosion means account passwords are multiplying, which exposes corporate data and leads to help desk calls from frustrated users. This paper will discover how IT can improve user productivity, gain visibility and control over SaaS and mobile apps, and stop password sprawl. Download this white paper to learn: How you can leverage your existing AD to manage app access. Key capabilities to …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds