> Ounce Labs, an IBM Company > Secure at the Source
 

Secure at the Source

White Paper Published By: Ounce Labs, an IBM Company
Ounce Labs, an IBM Company
Published:  Dec 29, 2009
Type:  White Paper
Length:  24 pages

Countless studies and analyst recommendations suggest the value of improving security during the software development life cycle rather than trying to address vulnerabilities in software discovered after widespread adoption and deployment. The justification is clear.For software vendors, costs are incurred both directly and indirectly from security flaws found in their products. Reassigning development resources to create and distribute patches can often cost software vendors millions of dollars, while successful exploits of a single vulnerability have in some cases caused billions of dollars in losses to businesses worldwide. Vendors blamed for vulnerabilities in their product's source code face losses in credibility, brand image, and competitive advantage. A study in 2005 by Carnegie Mellon found that the stock price of vendors declined an average of .63 percent compared to the NASDAQ after a vulnerability is discovered in their software.



Tags : 
source code vulnerability testing, independent model, centralized model, distributed model, software development life cycle, source code scanning, application security, source code security testing