IN THIS ISSUE:
- Article: Why Security Matters in a Tough Economy
- News: Ounce Labs Weighs Into Rogue Code (IT Director)
- News: Ounce Teams with Maven (SD Times)
- Byline: Secure at the Source: Implementing Source Code Analysis in the IBM Rational Software Development Lifecycle (The Rational Edge)
SPOTLIGHT ARTICLE
Why Security Matters in a Tough Economy
In a troubled economy, building security into the software development lifecycle (SDLC) is more important than ever before. With tight budgets and schedules, the most efficient and cost-effective way to ensure that software is secure is to identify and eliminate vulnerabilities before they reach the marketplace. Consider this:
- Fixing security flaws after software deployment costs 100 times more than fixing them during development (IEEE Computer).
- Vendors whose software is discovered to have vulnerabilities lose stock value as a result (Carnegie Mellon).
- Security vulnerabilities cause intangible damages including negative PR and lost sales due to decreased customer confidence.
When faced with these realities, and this economy, securing the SDLC isn't an option or an obstacle to software rollout. It's a financial necessity.
Developers sometimes see source code security review as extra work. It doesn't have to be. Automated source code scanning during the build process fits into existing workflows, saves money, and lets programming effort go to the findings that actually matter rather than to every alert the tool raises.
Scanning and fixing vulnerabilities before software deployment reduces applications' long-term maintenance cost. It also means fewer developers are needed to support applications and that critical flaws don't require pulling developers off key projects to issue fixes.
In a tight economy, no one wants to ask management for unbudgeted allocations or explain why past coding mistakes are causing current projects to fall behind schedule.
Source Code Analysis: Better Security Saves Time and Money
The best source code-analysis tools are designed to speed vulnerability identification and prioritization during builds, and make remediation as efficient as possible.
- Build Automation: By integrating analysis into the regular build process, the right tool makes identifying vulnerabilities as seamless as discovering traditional bugs. For example, the recently announced Ounce Automation Server offers vulnerability analysis and reporting at any point in the SDLC.
- Vulnerability Prioritization: It's best to enable developers to focus on the most critical vulnerabilities first. Ounce, with the ability to isolate confirmed vulnerabilities, makes sure developers are working on actual vulnerabilities that pose a direct threat to critical data.
- Efficient Remediation: The best source-code analysis tools are accessed through the developer desktop as an integrated part of their everyday work. With Ounce, developers can click directly to the vulnerable line of code, receive in-context remediation advice, and eliminate the flaw immediately. They can even rescan to check their work.
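The Build Automation and Vulnerability Prioritization items above describe a pattern that is easy to reproduce in any build pipeline: run the analyzer, keep only confirmed findings, rank them by severity, and fail the build when anything at or above a chosen threshold remains. The script below is an added example, not Ounce's own code or report format; the JSON shape, the severity scale and the sample findings are all constructed for illustration. In a real pipeline the report would come from the scanner's output file and the exit code would decide whether the build step passes.

```python
"""Build gate for static-analysis findings (added example, hypothetical format).

Reads a findings report, keeps confirmed findings, ranks them by severity,
and returns a non-zero exit status when a blocking finding remains, so a
CI job can fail the build the same way it would on a failing unit test.
"""
import json
import sys

# Hypothetical severity scale; higher number = more urgent.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample report standing in for a scanner's output. The keys
# (id, file, line, type, severity, confirmed, sink) are an assumption of
# this example, not any vendor's real schema.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "F-1", "file": "src/login.py", "line": 42, "type": "SQL injection",
         "severity": "critical", "confirmed": True, "sink": "cursor.execute"},
        {"id": "F-2", "file": "src/util.py", "line": 10, "type": "Weak hash",
         "severity": "medium", "confirmed": True, "sink": "hashlib.md5"},
        {"id": "F-3", "file": "src/report.py", "line": 88, "type": "XSS",
         "severity": "high", "confirmed": False, "sink": "render_template_string"},
        {"id": "F-4", "file": "src/log.py", "line": 5, "type": "Log injection",
         "severity": "low", "confirmed": True, "sink": "logging.info"},
    ]
})


def parse_report(text):
    """Parse the report and reject severities the gate does not understand,
    so a renamed level can never silently slip past the threshold."""
    findings = json.loads(text).get("findings", [])
    for f in findings:
        if f.get("severity") not in SEVERITY_RANK:
            raise ValueError(f"finding {f.get('id')}: unknown severity {f.get('severity')!r}")
    return findings


def prioritise(findings, confirmed_only=True):
    """Most severe first; ties broken by file and line so output is stable."""
    selected = [f for f in findings if f["confirmed"] or not confirmed_only]
    return sorted(selected,
                  key=lambda f: (-SEVERITY_RANK[f["severity"]], f["file"], f["line"]))


def gate(findings, fail_at="high", confirmed_only=True):
    """Return (should_fail, blocking_findings).

    A finding blocks the build when its severity is at or above `fail_at`.
    Unconfirmed findings are excluded by default so developers are not
    pulled onto suspected issues while confirmed ones wait.
    """
    threshold = SEVERITY_RANK[fail_at]
    blocking = [f for f in prioritise(findings, confirmed_only)
                if SEVERITY_RANK[f["severity"]] >= threshold]
    return (len(blocking) > 0, blocking)


def format_finding(f):
    """One line per finding, pointing straight at the file and line to fix."""
    return f"{f['severity'].upper():8} {f['file']}:{f['line']}  {f['type']} (sink: {f['sink']})"


def main(argv):
    """Usage: gate.py [report.json] [fail_at]  (defaults: sample report, 'high')."""
    text = open(argv[0]).read() if argv else SAMPLE_REPORT
    fail_at = argv[1] if len(argv) > 1 else "high"
    findings = parse_report(text)
    should_fail, blocking = gate(findings, fail_at=fail_at)
    for f in prioritise(findings, confirmed_only=False):
        print(format_finding(f))
    print(f"{len(blocking)} blocking finding(s) at severity >= {fail_at}")
    return 1 if should_fail else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

With the sample report the gate fails the build on the confirmed SQL injection alone; the unconfirmed XSS is printed for attention but does not block unless `confirmed_only=False` is chosen, which is the trade-off the prioritization item above is making.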
Leading modern source-code analysis tools such as Ounce allow developers to quickly ensure security and get back to developing the application. As a result, they help deploy resources most effectively and reduce long-term risk. And, in this tough economy, saving money, increasing productivity, and reducing risk pays big dividends.