Fortify Software and Mainstay Partners Survey Security Executives to Find the Real ROI of Software Security

September 2010 by Fortify Software

Fortify Software released the results of an in-depth study with Mainstay Partners to find the true Return on Investment (ROI) of software security assurance solutions in a white paper entitled “Does Application Security Pay? Measuring the Business Impact of Software Security Assurance Solutions”.

After conducting and analyzing the results of executive interviews with 17 of Fortify’s global customers, including Fortune 500 companies across the financial services and government sectors, Mainstay was able to identify, qualify and quantify the full range of benefits organizations are seeing from their SSA investments. The survey revealed that, with baseline savings at $2.4M per year, companies are finding that investing in efficiency and productivity improvements, including faster, less-costly code scanning and vulnerability remediation, and streamlined compliance and penetration testing, pays dividends in preventative savings.

"Not surprisingly, at a time when IT budgets are coming under closer scrutiny, chief information security officers are being called on to justify their software security investments from a cost-benefit perspective," said Thornton. “We believe this study provides a good framework for the business and financial justification of an investment in software security. Organizations that take a program-level approach to security will not only reduce risk, but get a much greater strategic return on software security.”

“We reviewed 30 software security providers and found that, while everyone talks about ROI, no one has really quantified the business value of SSA,” said Amir Hartman, co-founder and managing director of Mainstay Partners. “Fortify’s effort to put some real cost and time savings against an investment in SSA is unique in the industry, and should give security executives the language they need to communicate the value of SSA in a way that resonates with senior IT and business leaders.”

Based on the C-level interviews conducted between April and August of this year, the study found that exponential increases in benefits are being achieved by companies that deploy SSA in more comprehensive and innovative ways. These advanced deployments include embedding software security controls and best practices throughout the application development lifecycle, extending SSA programs into critical customer-facing product areas, and leveraging SSA to seize unique value-generating opportunities. For these strategic companies, the benefits of application security solutions can add up to as much as $37M per year.

Mainstay’s research also revealed that securing buy-in from senior IT leadership, including the CIO and head of application development, is another way to successfully deploy a high-value, strategic SSA solution. Without this commitment, there is little likelihood that organizations can realize maximum value from a strategic SSA deployment. To gain support from senior leadership, about 90 percent of the executives surveyed said that proving SSA’s payback potential in the form of a business case or ROI assessment was critical.

Other key findings among customers who had optimized their adoption of SSA include:
 Vulnerabilities per application reduced from 1000’s to 10’s
 Average time to fix a vulnerability reduced from 1 to 2 weeks to 1 to 2 hours
 The percentage of repeat vulnerabilities reduced from 80% to 0%
 Costs for compliance and penetration tests reduced from $500k to $250k
 Time-to-market delays due to vulnerabilities reduced from 4+ incidents (30 days each) to none.

To learn more about this ROI study or to receive a copy of the study, titled “Does Application Security Pay? Measuring the Business Impact of Software Security Assurance Solutions”, please go to
https://www.fortify.com/ssa-basics/why-ssa/roi_study_2010.html.

