Gartner IT Security Summit '06: Focus on Application Security

The application layer continues to grow as a target for hackers, and companies must do more to secure their software both during development and after deployment. That was the message from Gartner, Inc. security and risk management analysts, who convened their IT Security Summit in Washington, D.C. from June 5-7. The event, which combines strategic planning guidance with tactical advice, gives Gartner’s research experts an opportunity each year to present and discuss the latest advancements and best practices with more than 2000 security executives and managers from North America and around the world.

This year’s Summit, of which Ounce Labs was a Platinum Sponsor, featured a track solely devoted to the issue of Application and Data Security, with several sessions outlining the best ways to ensure secure development and data integrity. A key session in this track, co-presented by analysts Joseph Feiman and Neal MacDonald, explained processes and technologies currently being used to ensure applications are developed securely. The presentation, entitled “Building Secure Application Solutions”, focused on three key issues:

1. How can organizations ensure the right things are tested for security vulnerabilities?
2. How should the application development process change to make applications more secure?
3. Which vendors, tools, and concepts enable better security?

Throughout the presentation, analysts Feiman and MacDonald urged organizations to introduce security requirements, testing, and remediation at the earliest possible points in the development lifecycle, since that is where defects are cheapest to find and fix. Identifying the gap that currently exists between software developers and security professionals, they offered specific organizational approaches and process improvements for embedding security into the software development lifecycle. The presentation detailed the methodologies and tools available today to assist in that process, including source code analysis tools such as Ounce. The analysts also provided a glimpse into the future of application security as both development organizations and technologies mature. They concluded with several recommendations, with particular emphasis on making application security an integral part of the SDLC, starting with user requirements analysis rather than with operations.