Survey Says: Lack of Software Security Training

Thursday, November 18, 2010 @ 09:11 AM gHale

Nearly 80% of personnel at government agencies and contractors said their organization does not provide sufficient training and guidance for software security application development and delivery, according to a new survey.
Around 37% of those surveyed believe the first priority for improving security across the software delivery lifecycle is training and education, and 33% believe it should be a top priority of their organizations to address culture, attitudes, and mindsets about software security, according to the survey by non-profit IT security trade group (ISC)².
A majority of respondents said their organization had at least four employees dedicated to ensuring security through the software development lifecycle.
The need for security training and guidance is especially acute for new technologies, such as virtualization and cloud computing: 78% of respondents said their organizations have plans to use virtualization and 48% said their organization plans to use cloud computing. Regarding the security impact of these technologies, 24% of respondents said they needed security guidance on cloud computing, and 16% said they needed it for software-as-a-service platforms.
Mobile devices pose additional security risks for government agencies and contractors, according to the survey.
All respondents agreed that insecure software presents a significant threat to the federal government.
“When the majority of information security professionals who have at least some oversight over the software development lifecycle are seeking more training and guidance, managers need to take heed,” said W. Hord Tipton, executive director of (ISC)². He concluded that the “need for education about software security is imperative.”
