Application security has been the missing
link in enterprise security IT plans. Enterprises have invested in
network-perimeter protection, application-security gateways and manual software
audits, but these after-the-fact approaches don't address the root cause of
application vulnerability: security flaws within the underlying software. The
solution requires software development processes and technology that
explicitly drive security into critical applications during design and
construction.
IT organizations are feeling the pressure. CIOs are being asked
to attest to the security of information
systems and data, as part of meeting the compliance requirements for
Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA),
Gramm-Leach-Bliley, and other legislation
and regulation. Software security is also becoming an explicit focus of new
legislation.
Automated discovery and vulnerability analysis is the first step. It enables
businesses to conduct more intelligent, more frequent, and less expensive code
analysis and remediation. But since code auditing will only flag, and not cure,
security-deficient software development processes, businesses need to fix the
software development process by weaving security expertise - "security
DNA" - into their software acquisition, development and deployment
activities. This white paper clearly explains the new process-oriented
technologies, methodologies and services that make this achievement possible and
affordable today.
This white paper focuses
on why application security is the new business imperative, and how to
achieve it. Business accountability demands a process-oriented approach to
fixing security flaws in software.
For more: http://www.securesoftware.com/resources/whitepapers/appsec.pdf
Source: Secure Software