We are seeing increased attention on the security of the applications companies build. But when it comes to the applications that companies buy, strategies at most companies remain fragmented and ineffective. These strategies depend on questionnaires about the vendor's application security practices – which means the enterprise must trust that the vendor is both knowledgeable and forthcoming about those practices. Given the current state of application security – two-thirds of applications remain untested before deployment – this trust is misplaced. It isn't so much that vendors are trying to mislead enterprises. The problem is that they themselves are struggling with security.
How can companies purchase the software they need to run their business, innovate faster and remain confident they are not introducing unnecessary risk into the organization? In addition to questionnaires, forward-thinking enterprises have found ways to ensure the applications they are buying meet the same security standards as the applications they are building.
Wendy Nather, Research Director, Enterprise Security Practice at 451 Research, spoke with eight different enterprises about how they are tackling the third-party software security challenge. The report will be available soon.
On June 16th, Wendy will discuss her findings from these interviews and provide her opinions regarding third-party software security. You can join the discussion by registering for the webinar here: https://info.veracode.com/webinar-why-enterprises-are-finally-discussing-the-elephant-in-the-room.html