By Kelly Jackson Higgins
Apr 29, 2010
With all of the attention and education surrounding secure coding
practices and Web attacks, you'd think it would be sinking in to
enterprises by now, but not so much, according to a new survey: Only 18
percent of IT security budgets are dedicated to Web application
security, while 43 percent of budgets are allocated to network and host
"The State of Application Security" report by the Ponemon Institute and
commissioned by Imperva and WhiteHat Security, published this week,
found that 70 percent don't believe their organizations allocate enough
money to securing and protecting their mission-critical Web apps. In
addition, 55 percent said developers are too busy to fix security issues
in their apps.
"Overall, the results of the study confirmed things WhiteHat and Imperva
have believed and recognized for quite some time. The vast majority of
attacks come through applications -- in particular, Web applications,"
says Stephanie Fohn, CEO of WhiteHat.
The survey found that 34 percent of major vulnerabilities are not fixed,
and 38 percent said they believed it would take more than 20 hours of
time for a developer to fix one bug.
Best Selling Security Books and More!
Shop InfoSec News