Sunny Day, Sweepin’ the Hacks Away

by

Today’s blog is brought to you by the letter “S.”

“S” stands for security, something “S” organizations like Sony and Sega appeared to have too little of earlier this year. You could also say “S” represents the U.S. Dollar sign ($) that is associated with the FDIC and IRS, both of which have recently fallen victim to phishing attacks and have had their security compromised. Unfortunately, they are not alone; organizations that start with many letters of the alphabet have fallen victim to security issues this year.

The reason these organizations have been victimized leads us to another “S” term – sensitive information. Particularly in the case of the breach at a Department of Defense contractor in March, which was just revealed last month, the greater the sensitivity of the data an organization stores, the bigger a target it becomes. Sensitive data has placed the United States in the crosshairs of many hackers – independent and those sponsored by foreign governments. The United States has become such a significant target of hackers that Secretary of Defense Leon Panetta recently noted, “more than 60,000 new malicious software programs or variations are identified every day threatening our security, our economy and our citizens.”

On My Way

This leads us to our third “S” word of the day – software. First off, there’s the malicious software of which Panetta speaks – viruses, malware, Trojans – much of which gets caught by security software…if it is up to date. Surveys have shown that all too often end users fail to update their virus software because 83% of them think their PCs are “clean.” As a result, we find that anywhere from 1 to 50 percent of all computers (depending upon which study you read) are infected by some form of malicious software.

But there is also the application software that already makes up a company’s IT system. While organizations claim extreme diligence when it comes to stopping malicious software, the impact of these external attacks could be dampened significantly, possibly even rendered moot, if more attention were paid to existing application software and another “S” term – structural quality.

Many companies find themselves with systems rife with software that rates low in structural quality. This is due to a number of factors, the most common of which are poor code writing and antiquated software that holds latent vulnerabilities, either of which can be exploited by hackers who seem to be growing smarter at a rate exponentially greater than those developing the security systems to stop them.

To Where the Software’s ‘Clean’

This portion of the blog comes courtesy of the recently released HP/Capgemini World Quality Report and is brought to you by the numbers “85” and “42.”

The first number stands for 85%. According to the World Quality Report, 85% of businesses now recognize application software quality as a priority and a focal point for IT spending as the economy begins to rebound. In one recent article about the World Quality Report, Murat Aksu, global head of the HP Software Alliance at Capgemini, said, “Business leaders see application quality as the strategic cornerstone of their competitive economy.”

There is significance to the fact that software structural quality has finally broken through as a top priority. This factor demonstrates that companies have taken to heart the issues with software failure and have begun to realize it is better business to build software correctly the first time than to try to fix failures, outages and security breaches after the fact (the basis for the technical debt concept). It seems like this revelation is almost a reaction to the predictions of Andy Kyte at Gartner, who last year forecast that technical debt will top $1 trillion worldwide by 2015.

But while 85% see application quality as being a competitive differentiator, only half – or our other sponsor for this section, 42% – plan to do something about it. Of this, Aksu says:

“We see that in the Western Hemisphere and EMEA [Europe, the Middle East and Africa], excluding Eastern Europe, economies are not doing that well. As a result, the IT investment is smaller, as is the investment in cloud computing and security testing, compared to the rest of the world.”

So even though nearly every business in the world understands that there’s a global problem with the structural quality of application software, more than half either cannot or will not do anything about it. That sounds like an awfully contrarian way for companies to keep their data from being trashed.

Only through increased diligence and strict attention to application software quality will businesses be able to sweep the hackers away and bring sunny days to “The Street.” Failing to do so will just leave them “grouchy.”

Jonathan Bloom Writer, Blogger & PR Consultant
Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. In his free time, Jon enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.