When software developers have to make a choice between building security into their products or meeting a delivery deadline, the deadline usually wins, according to a new survey.
It's not that developers consider application security unimportant, according to the survey, conducted by Symantec. In fact, security is more of a priority now than it was three years ago, according to 93 percent of the respondents, and 74 percent said they considered it a "high priority" during the development process.
However, only 29 percent said that application security was always part of development.
The main problem appears to be pressures to meet deadlines and beat competitors to market. According to the survey, only 12 percent of developers said security always takes priority over meeting deadlines.
Their bosses are not much help. Seventy percent of developers said their employers considered security a priority, but only 40 percent said they had received relevant training.
The survey, conducted in June 2006, involved at least 400 U.S.-based software companies.
Symantec officials say security problems in the source code has been a major cause of vulnerabilities in recent months, but the company's March 2006 Internet Security Threat Report found that vulnerabilities in Web-based applications were on the rise. Some 69 percent of vulnerabilities found during the second half of 2005 were application-related.
Digg
De.licio.us
Slashdot
Technorati
