A range of application security tools was developed to support the efforts to secure the enterprise from the threat posed by insecure applications. But in the ever-changing landscape of application security, how does an organization choose the right set of tools to mitigate the risks their applications pose to their environment? Equally important, how, when, and by whom are these tools used most effectively?
Today, when you make decisions about information technology (IT) security priorities, you must often strike a careful balance between business risk, impact, and likelihood of incidents, and the costs of prevention or cleanup. Historically, the most well-understood variable in this equation was the methods that hackers used to disrupt or invade the system.
Countless studies and analyst recommendations suggest the value of improving security during the software development life cycle rather than trying to address vulnerabilities in software discovered after widespread adoption and deployment. The justification is clear.For software vendors, costs are incurred both directly and indirectly from security flaws found in their products. Reassigning development resources to create and distribute patches can often cost software vendors millions of dollars, while successful exploits of a single vulnerability have in some cases caused billions of dollars in losses to businesses worldwide. Vendors blamed for vulnerabilities in their product's source code face losses in credibility, brand image, and competitive advantage.
The Business Case for Data Protection, conducted by Ponemon Institute and sponsored by Ounce Labs, is the first study to determine what senior executives think about the value proposition of corporate data protection efforts within their organizations. In times of shrinking budgets, it is important for those individuals charged with managing a data protection program to understand how key decision makers in organizations perceive the importance of safeguarding sensitive and confidential information.