Offshore DevelopmentThe State of Offshore DevelopmentOffshore development enables companies to focus on their core business, while lowering their development costs and gaining access to hard to find skills. Not only does offshore development provide the enterprise with flexibility, they are now able to take advantages of mature processes and methodologies offered by the provider to improve service levels. However, due to training and offshore developer turnover, secure coding and application security testing are often overlooked. This pushes both costs and liabilities of offshore development onto the enterprise resulting in an unacceptable level of unbounded risk. Offshore Development TrendsIt comes as no surprise that the amount of offshore development has been transforming development processes for the past ten years. In fact, according to analyst firm Gartner, offshore development is expected to rise from over $50 billion today to over $88 billion within four years and InformationWeek has reported that over two-thirds of the companies in the InformationWeek 500 use at least some offshore development to build and maintain their applications. India leads all locations with over 42% of the offshore development market, followed by China and Europe as highlighted in the chart below:
 Securing Offshore Development with VeracodeThe best defense and easiest way to reduce application security risks from offshore development is to not let those very risks enter the organization from the outset. Analyst firm Gartner recommends that security testing for all offshore development be mandatory and that applications should not be accepted unless they have been tested for vulnerabilities. Veracode’s Outsourcing SecurityReview provides a simple and cost effective way for enterprises to create clear and measurable security metrics around application vulnerabilities and establish SLAs to encourage secure offshore development standards with their outsourcing development partners. |
