Software Development Tops Security Pros’ List of Concerns

Susan Hall

What keeps security pros up at night? Software development – or at least the lack of security involved, according to a new study.

Respondents to the sixth Global Information Security Workforce Study, conducted by (ISC)²,   the non-profit organization that administers the Certified Information Systems Security Professional (CISSP) certification, ranked secure software development as their greatest worry.

That squares with the prediction of Avivah Litan, an analyst at Gartner Research, who expects that one in four DDoS attacks will be application based, as my colleague Sue Marquette Poremba has written.

In the (ISC)² survey of more than 12,000 security pros worldwide, only 12 percent said they were personally involved in software development, 20 percent in procurement, and just 10 percent were involved with outsourcing.


Malware and mobile device vulnerabilities are close behind as major worries; security concern is high for BYOD and cloud computing as well.

Meanwhile, just 28 percent said their organizations can remediate from a targeted attack within one day.

Other findings:

  • 52 percent of respondents believe there is a workforce shortage, compared to 2 percent that believe there is a surplus.
  • 80 percent of respondents did not change employers last year.
  • Location matters. 79 percent of security pros in developed countries in the Americas average salaries of US$80,000 or more, whereas only 12 percent of respondents in Asia-Pacific developing countries do.
  • They rated broad understanding of the security field as the most important factor to career success, followed by communication skills.
  • Nearly 70 percent view certification as a reliable indicator of competency. (Critics of Defense Department cybersecurity training surely disagree.)

"Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years," said W. Hord Tipton, executive director of (ISC)², in a statement.

In apparent reference to recent reports of cyber attacks against private U.S. corporations, Tipton added:

"More and more enterprises are being breached. We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats."



Add Comment      Leave a comment on this blog post
Mar 15, 2013 6:24 AM JM @ Arcisphere JM @ Arcisphere  says:
In light of the recent hacking of celebrity and high profile individuals, it's apparent that there is a need to build a stronger defense system to any company or organization to protect valuable information and privacy. Software Developers need to step up now more than ever. Reply
Mar 27, 2013 11:36 PM Geoffrey Bowman Geoffrey Bowman  says:
Cost is the main reason that most companies take into consideration when custom software development in a project. Reply
May 10, 2013 3:12 AM Benjamin Roman Benjamin Roman  says:
They ranked wide knowing of the security area as the most important aspect to profession success, followed by interaction abilities. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.