Tuesday, June 21, 2011

Return on investment (ROI) and Secure application development: a holistic approach can save money and increase productivity?

Doug cavity here to speak to a presentation, that I give to the Conference RSA with the results of a consultation of Forrester think paper of leadership that we have recently published. 

We're often asked, "what is the real return on investment for a program of developing secure in place application?" Wisdom is that the development of secure applications is more expensive that do, the probability of having hacked is low and most organizations really do not have the time or resources to the right. In other secure development organizations is recognized as important; but in practice, the corners are cut and only some activities requested in global security, processes are really ended. There are many examples of the failure of these philosophies in the news.   

We thought about it for some time now. and we have concluded that the Microsoft SDL process does in fact provide return on investment beyond the costs of implementation. To this day however, we did not examined systematically outside the company to confirm our belief that the holistic process shall benefit from a bottom line of the organization.

We have worked with Forrester Research to refine our thoughts and test our premises with 150 Fortune 1000 companies. Forrester concluded that most of the companies in the study does not use a process of development of global security. However, those who have a process (such as the Microsoft SDL), many saw improvements in the overall - especially when King compared to those using ad hoc solutions or approaches to the "list". 

This report provides an overview of the security of the current applications of development practices, exposes gaps in common in the process, and addresses issues that can arise to do not with a comprehensive approach to ensure the development of software. In addition, the report provides guidance on possible improvements in the process and suggests ways to measure development security King. The report can be found here: Forrester Consulting State of Application Security Thought Leadership white paper.

At 16: 10 a.m. on Tuesday 15 February, I will explore this topic more in depth in the booth of Microsoft at RSA. If you are at the RSA Conference, stop and tell us what you think!

Related Post :


0 comment:

Post a Comment