Call for improved software security standards
Australian information security company, Pure Hacking, has challenged the global software development community to improve its development standards and build secure software.
The consultancy believes that the rise in software vulnerabilities, and the accompanying risks to data security, business operations and reputation, have reached a critical point that requires intervention.
Rob McAdam, CEO of Pure Hacking, says the current lack of security understanding in software development teams has reached its tipping point.
“There is a growing lack of understanding about the security required in the development of software, whether it is developed in-house or via outsourcing.
Software outsourcing is growing annually by 30% in India alone and this growth will continue across the global outsourcing hotspots. By participating and contributing to this increased use of outsourcing, organisations unknowingly may be introducing increased levels of security risk in exchange for short term profits,” he said.
Mr McAdam believes that development teams may sometimes lack knowledge of the minimum security requirements for a project. Often, they are under tremendous resource constraints and may not follow the processes and technology that are necessary for secure coding and architecture. Many software projects are seen as additional overhead by Boards and senior management and, as a result, the organisation outsources the projects to reduce cost.
Additionally, he believes that without change to software development processes, the cost of re-working insecure software will also rise.
“Insecure software now has a dollar value attached to it and it is no longer the case that it is a minor inconvenience to address security breaches. Hackers are destroying businesses. The rising incidence of hacking will continue and new legislation will not be able to control it,” he said.
Pure Hacking advises that there is no ‘silver bullet’ to eliminate software security vulnerabilities. Web Application Firewalls (WAFs) and database security tools help reduce the risk, but they do not ultimately solve the underlying problem of insecure design and coding.
The consultancy is now appealing to the larger business community to introduce a more rigorous standards-based methodology to improve built-in software security standards.
“Major corporations have remedied software security issues to the tune of hundreds of millions of dollars per crisis recently. If they had adequately addressed security during the design and development stages, the old adage of ‘do it once and do it properly’ would have applied.”