Hackers target outsourced app development

Who's got your code?

Mon 7 Apr 2008 // 14:46 UTC

Many firms fail to think about security when they outsource application development.

Three in five (60 per cent) organisations overlook procedures to mandate security in software development outsourcing, according to a study by analysts Quocirca. One in five (20 per cent) fail to consider security even when building applications in-house.

Quocirca's figures come from a survey of 250 senior executives in the UK, US, and Germany. It found that outsourcing of code development is widespread, and growing in importance. More than 50 per cent of those organisations quizzed outsourced more than 40 per cent of their code development needs.

Hackers are increasingly targeting application rather than operating system vulnerabilities.

TS Ameritrade showed last year what such practises can do when it admitted that a backdoor created by an outsourced programmer was to blame for the loss of 6.3 million customers' details.

The report found that financial services companies are most likely to outsource their code development needs, with 72 per cent reporting that they outsource more than 40 per cent of this work. The majority (84 per cent) of these organisations said code development is either business critical or important.

Public sector organisations are also big outsourcers, with 55 per cent outsourcing more than 40 per cent of their code development.

By contrast, utilities rarely outsource such work - just seven per cent outsource more than eight percent of code development.

"Not enough is being done by organisations to build security into the applications on which their businesses rely," said Fran Howarth, principal analyst at Quocirca and author of the report. "Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications — without which they could be playing into the hands of hackers."

The survey also found that exposure to Web 2.0 technologies — among the least understood, but considered to be among the most insecure software development models — is high. It also found that data protection is the key driver behind application security for the majority of organisations polled. ®

More about

COMMENTS

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Channel

Hackers target outsourced app development

Who's got your code?

More about

TIP US OFF

Other stories you might like

NASA will send astronauts to patch up leaky ISS telescope

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Admin alert: Copilot app lands on Windows Server 2022

Industrial systems integrating digitalisation

Micron scores $6.1B CHIPS Act cash for New York and Idaho fabs

Google laying off staff again and moving some roles to 'hubs,' freeing up cash for AI investments

EU tells Meta it can't paywall privacy

Novelty flip phone strips out almost every feature possible to be as boring as possible

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Debian spices up APT package manager with a dash of color, squishes ancient bug

AI PCs are here but a killer application for biz users? Nope

Valkey publishes release candidate and attracts new backer

About Us

Our Websites

Your Privacy