Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections
Home > Ounce Labs, an IBM Company > Secure at the Source
 

Secure at the Source

White Paper Published By: Ounce Labs, an IBM Company
Ounce Labs, an IBM Company
Published:  Dec 29, 2009
Type:  White Paper
Length:  24 pages

Countless studies and analyst recommendations suggest the value of improving security during the software development life cycle rather than trying to address vulnerabilities in software discovered after widespread adoption and deployment. The justification is clear.For software vendors, costs are incurred both directly and indirectly from security flaws found in their products. Reassigning development resources to create and distribute patches can often cost software vendors millions of dollars, while successful exploits of a single vulnerability have in some cases caused billions of dollars in losses to businesses worldwide. Vendors blamed for vulnerabilities in their product's source code face losses in credibility, brand image, and competitive advantage. A study in 2005 by Carnegie Mellon found that the stock price of vendors declined an average of .63 percent compared to the NASDAQ after a vulnerability is discovered in their software.



Tags : 
source code vulnerability testing, independent model, centralized model, distributed model, software development life cycle, source code scanning, application security, source code security testing