Microsoft Study: Less Than Half of Developers Use a Security Process

WEBINAR:
On-Demand

Application Security Testing: An Integral Part of DevOps


Less than half of all developers use a security development process when building applications, according to a recent Microsoft study.

In a blog post, Tim Rains, director of Microsoft's Trustworthy Computing effort, said results of a Microsoft study conducted by ComScore showed that security was not considered a "top priority" by 42 percent of developers worldwide when building software.

Moreover, Rains noted that while security development processes have been shown to reduce the number and severity of vulnerabilities found in software, nearly half of all developers—44 percent—do not use a secure application program or process, according to the Microsoft Trust in Computing survey.

The reasons for not using security development processes are varied, Rains said. For 34 percent of developers, "cost is the primary reason for not using a security development process, followed by a lack of support and training—33 percent," he said.

Because of a lack of management approval, 24 percent indicated that they don't use a security development process, he added.

The study also showed that globally, only about two-thirds of developers always take security into account when developing or contracting software. In India, 83 percent of developers always consider security when creating or contracting applications. This is followed by the United States where 72 percent always keep security concerns in mind when developing applications, the survey showed. More information on the survey can be found here.

To help increase adoption of security development practices, Microsoft provides free, downloadable tools and guidance on its Security Development Lifecycle (SDL) Website, Rains said. "Resources such as the Simplified Implementation of the SDL, SDL for Agile guidance, the Threat Modeling Tool and the Attack Surface Analyzer can help automate and enhance the SDL process, gain efficiencies and ease the implementation of the SDL," he said. "To help with implementation, Microsoft's Partner Network includes a number of members committed to helping customers adopt secure development practices based on the SDL."

However, "security isn't the only benefit that comes out of implementing an SDL process, as writing secure code also leads to real cost savings," Rains added. "An independent study by the Aberdeen Group showed that companies adopting a "secure at the source" (meaning a Microsoft SDL-like) strategy realized a fourfold return on their annual investments in application security. Forrester found that those practicing SDL specifically reported a visibly better return on investment."

The Trust in Computing survey was designed to help measure current levels of trust in technology products and services in terms of security and privacy as well as to identify where concerns may be slowing down technology adoption, Rains said.

ComScore surveyed 4,500 consumers, IT professionals and developers in Brazil, Canada, China, Germany, India, Japan, Russia, the United Kingdom and the United States.


Originally published on eWeek.

Comments

  • There are no comments yet. Be the first to comment!

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-Demand Webinar The May 2018 deadline for compliance with the European Union's General Data Protection Regulation (GDPR) is receiving a lot of attention, and rightfully so. But regardless of where your organization stands with regard to its GDPR preparations, the work it puts into GDPR compliance will greatly improve the overall security and risk profile of the business going forward. In fact, many of the GDPR requirements can be mapped directly to best practices for reducing your IT risk, including …

  • After being recognized for three years in a row as a leader in Gartner's Magic Quadrant for Enterprise File Synchronization and Sharing (EFSS), Box is honored to once again be recognized by Gartner, this time in the new Magic Quadrant for Content Collaboration Platforms. Gartner evaluated 14 different vendors in the Content Collaboration Platforms market segment based on their completeness of vision and ability to execute on that vision. As a leading Content Collaboration Platforms provider, Box has helped …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date