Findings show companies are integrating security measures, but developer education still lagging
Feb 09,2007 00:00 by Bend Weekly News Sources

Industry Leaders and Educators for Third Year in a Row Gather at Secure Software Forum Launch Event at RSA Conference to Discuss Directive for Software Security

Dynamics, Inc. yesterday announced this week results from the Secure Software Forum (SSF) 2006 educational initiatives and revealed details of the Secure Software Forum 2007 program.

The SSF was first launched in February 2005 as an educational initiative to provide leading executives spanning all disciplines within the application lifecycle local forums to discuss their challenges, experiences and best practices regarding the shared global mandate to improve software security. The 2007 Secure Software Forum marks the third year of this successful initiative.

"Organizations are learning that application security assurance is critical in today's web-enabled environment and must be a deeply integrated part of any enterprise's overall software development initiative," said Howard Schmidt, keynote speaker for yesterday's Secure Software Forum 2007 kickoff event and International President of the Information Systems Security Association (ISSA). "As one of the world's largest and most widely recognized independent associations focused on information security across the enterprise, ISSA is committed to raising awareness of this issue within the entire organization and we are actively investigating ways to increase awareness and training in this area."

Secure Software Forum 2006 Survey Results

Recent findings from 2006 SSF participants' survey indicate that organizations are moving towards a more proactive approach to security assurance in their development lifecycle. 43 percent noted that secure coding experience is now a requirement for new development hires - a 25 percent increase over 2005 survey results. 57 percent of respondents said they have integrated a security assurance program into their own development process, representing a dramatic increase from the 70 percent of respondents in the 2005 survey who indicated they had not. While these numbers show promising advancements, results also found corporate secure coding educational programs had only been implemented by 41 percent of respondents, a slight increase over last year's finding of 36 percent.

  Organizations participating in the 2006 SSF survey also reported:

   - 48% have a combination of outsourced and in-house application

     development efforts

   - 32% have sophisticated security testing tools and a well defined

     process

   - 76% said their information security group was actively involved during

     the requirements phase of the development process

   - 76% are familiar with Microsoft's Security Development Lifecycle (SDL)

"We're very pleased with the progress that organizations have made to integrate security assurance into their development process," said Brian Cohen, president and CEO, SPI Dynamics. "We are particularly pleased to have seen the increased participation from software developers and testing professionals throughout the 2006 Secure Software Forum events."