As if cost and quality weren't enough to worry about with outsourcing initiatives, businesses need to address the inherent security of applications developed for them by outsiders, according to a recent report by Quocirca.
Ninety percent of the U.S. and European companies Quocirca surveyed outsourced a good chunk of their development -- more than 40 percent -- to third parties, reports vnunet.com. You just know these surveys guarantee anonymity to the respondents based on another jaw-dropping stat unearthed by Quocirca: Sixty percent said they did not include security specifications in outsourced development projects.
Says Quocirca analyst Fran Howarth:
"The findings indicate that not enough is being done by organizations to build security into the applications on which their businesses rely."
The survey was commissioned by Fortify Software, which sells application testing software, among other security products. So it's not surprising that Quocirca notes that outsourcing creates "an even greater onus for organizations to thoroughly test all code generated for applications, without which they could be playing into the hands of hackers." Yet its vendor sponsorship doesn't change the research's rather shocking findings.
With that in mind, here's a link to a May 2006 article from Security Park that presents six common weaknesses in the software development cycle. Reinforcing the idea that testing is important, two of the six involve testing processes. While software can help companies solve their testing shortcomings, says the article, it's important for a security mandate to come from top management. That's good advice whether applications are coded in-house or outsourced.