Information Week | Bank Systems and Technology
Why application security means more than just ensuring that developers are writing secure code.
Despite our best efforts to write secure code, computer security breaches at major banks, retailers, and government agencies are making front-page headlines on a regular basis. Here are six reasons why writing better code may address only a fraction of a bank’s total application security risk.
1. The tip of the iceberg: Modern banking applications are written by developers who combine their own software with open-source components, third-party libraries, and development frameworks — much in the way manufacturers use a mix of in-house and sourced components in their finished products. Various industry studies suggest that only 10 to 30 percent of the code in custom applications is written by a company’s own developers. So even the most secure coding practices in the world, perfectly executed, will only address at best 20% of the potential risk. That’s only the tip of the iceberg.