Monday, April 21, 2008

As my 4-year-old would say (DUH!)

From "Call is out to bring security testing into the QA process":

Testing the security of software applications should be part of the process of developing the software, not an afterthought. But one security analyst says that’s easier said than done.

Danny Allan, an IBM security researcher, made the case for advancing security research for software applications at the Software Test & Performance Conference April 16.

Allan argued, citing Gartner research, that while 75% of IT attacks are targeted at applications, 90% of IT security spending goes to securing the network, not the applications.

Oh, and you can get rid of all those pesky firewalls, too.
