A new Coverity survey of 240 software developers revealed that 51 percent had experienced at least one security incident related to Web applications in the past 18 months. Two companies surveyed lost more than £6 million (approximately $9.75 million) due to insecure Web apps, and 18 percent of those reporting incidents experienced related costs exceeding £308,000 (approximately $500,000).
Among Web app developers who reported incidents, 71 percent said they didn’t have the right security tools for development, and 71 percent said they didn’t have enough security funding. In addition, 79 percent said their security efforts couldn’t keep up with the amount of code they write.
“It’s clear that security practitioners and developers aren’t speaking the same language when it comes to application security, and this is leading to very costly consequences for companies,” said Coverity’s Jennifer Johnson. “Application security begins and ends with development. Developers need to be part of the solution but the industry won’t solve the problem until security is incorporated into the development process with technologies and processes that developers can understand and adopt. Force-feeding development with legacy tools built for security teams just isn’t working.”