Responsibility for securing enterprise applications has been moving down the development lifecycle, and for good reason. It not only makes the enterprise more secure, but also saves companies time and money.
For example, the average time to fix a vulnerability in IBM's application security solution has dropped from 20 hours to 30 minutes, according to a study Forrester Consulting released last month.
Also, finding bugs earlier rather than later in the development process resulted in a 90 percent cost savings, the study indicated.
Not My Job
If security at the application creation level is going to gain traction, however, it's going to require a change in attitude on the part of developers.
"Developers don't inherently think about security -- they're paid to ship code," said Rami Essaid, CEO of Distil Networks.
"We've been saying that developers should write good code for the last 20 years, yet nothing happens," he told TechNewsWorld.