
The Productivity Gain Of Software Security

By Jim Routh, CSO, Aetna


There are many compelling reasons to consider embedding security controls into your software development and integration processes: shrinking the attack surface for web and mobile apps, reducing risk, lowering the probability of a cyber-attack and more. But the most compelling argument for a software security program has little to do with security and everything to do with economics. Integrating security controls into the fabric of software development and integration increases productivity for application developers. Convincing business leaders that software security improves risk management for the enterprise is important but doesn’t tell the whole story. Most software vulnerabilities exploited by criminals via the web or mobile apps result in downstream fraud affecting the customers who use the site or application, and that fraud is rarely attributed back to the enterprise. Measuring the bottom-line impact of risk reduction is difficult; measuring the productivity gain from embedding security controls in a development process is easy.

The conceptual model measuring the gain in productivity for developers assumes that there are up-front costs for changing the development processes, such as licenses for testing tools, education and time to teach developers new techniques, and of course the necessary servers and infrastructure. Depending on the size of the development organization, it is safe to estimate that it will take 10 to 15 percent of the total hours spent on development each year to implement changes in the process and teach developers how to use a new set of tools.

Take current dev/ops practices into account. Those regular changes already cost money, so adding security controls is simply another change to the existing process that requires some investment—the same as any business process change.

The return on investment should be measured in the productivity enhancements enabled by avoiding software flaws and defects in the development process and the ability to fix defects earlier in the life-cycle. This approach saves time over fixing defects discovered after the application is built through a penetration test.

Providing developers with frameworks for input and output validation routines is an example of a control that actually prevents defects in software code. Mandating their use by security policy is simply an example of embedding a control that prevents vulnerabilities in software. Dev/Ops gives us a continuous build process, so developers don’t have to spend time later fixing the vulnerability. The productivity saved can be measured by determining the standard cost of fixing a defect, usually between two and six hours of development time, and multiplying it by the number of defects identified before and after the framework is introduced.
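To make the "framework as a preventive control" point concrete, here is an added example (not code from the article or from Aetna) of the kind of small validation framework the paragraph describes: a registry of allow-list validators keyed by field type, plus one output encoder, with an ad hoc handler shown beside the same handler rebuilt on the framework. The field types, regular expressions and the `render_greeting` handler are constructed for illustration; the hostile sample input is a generic reflected-markup string, not anything from the page.

```python
import html
import re
from typing import Callable, Dict, Tuple

# Hypothetical validation framework, constructed for this example: a registry
# of allow-list validators keyed by field type, plus one output encoder.
# Application code calls validate() and encode_html() instead of hand-rolling
# checks in every handler, which is where input-handling defects usually hide.


class ValidationError(ValueError):
    """Raised when a field fails its allow-list check."""


_VALIDATORS: Dict[str, Callable[[str], str]] = {}


def register(field_type: str):
    """Decorator that adds a validator for one field type to the registry."""
    def wrap(fn: Callable[[str], str]) -> Callable[[str], str]:
        _VALIDATORS[field_type] = fn
        return fn
    return wrap


def _match(pattern: str, value: str, message: str) -> str:
    """Accept the value only if the whole string matches the allow-list."""
    if re.fullmatch(pattern, value) is None:
        raise ValidationError(message)
    return value


@register("username")
def _username(value: str) -> str:
    return _match(r"[A-Za-z0-9_]{3,32}", value,
                  "username: 3-32 chars of [A-Za-z0-9_]")


@register("display_name")
def _display_name(value: str) -> str:
    # Looser allow-list (letters, spaces, apostrophes, hyphens) so names such
    # as O'Brien pass; the apostrophe is why output encoding still matters.
    return _match(r"[A-Za-z][A-Za-z '\-]{0,63}", value,
                  "display_name: letters, spaces, ' or - only")


@register("member_id")
def _member_id(value: str) -> str:
    return _match(r"[0-9]{6,12}", value, "member_id: 6-12 digits")


def validate(field_type: str, raw: object) -> str:
    """Allow-list validation: reject anything not explicitly permitted."""
    if field_type not in _VALIDATORS:
        raise ValidationError(f"no validator registered for {field_type!r}")
    if not isinstance(raw, str) or len(raw) > 1024:
        raise ValidationError("input must be a string of at most 1024 chars")
    return _VALIDATORS[field_type](raw.strip())


def encode_html(value: str) -> str:
    """Output encoding for an HTML text or attribute context."""
    return html.escape(value, quote=True)


# "Before": the ad hoc handler each developer writes on their own. Nothing
# is validated or encoded, so markup in the name is reflected verbatim.
def render_greeting_adhoc(display_name: str) -> str:
    return f"<p>Welcome, {display_name}</p>"


# "After": the same handler built on the mandated framework. Returns
# (ok, html_or_error) so callers never see unvalidated data.
def render_greeting(display_name: object) -> Tuple[bool, str]:
    try:
        clean = validate("display_name", display_name)
    except ValidationError as exc:
        return False, str(exc)
    return True, f"<p>Welcome, {encode_html(clean)}</p>"


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one hostile.
    for name in ("O'Brien", "<script>alert(1)</script>"):
        print("ad hoc   :", render_greeting_adhoc(name))
        print("framework:", render_greeting(name))
```

The point the framework makes for the productivity argument is that the check is written once, reviewed once, and reused by every handler; a static analysis rule that flags any handler which renders a request field without going through `validate()` turns the policy mandate into a build-time gate, so the defect never reaches a penetration test.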

Using this before-and-after model to determine the average number of security vulnerabilities per line of code written (something called defect density) provides an opportunity to measure improvements over your baseline measures. The difference is the second gain in productivity from embedding controls in development. It turns out that developers actually learn how to avoid defects when they can use static analysis tools during development, so preventing defects and fixing them earlier leaves more time to invest in quality software and less time spent fixing defects. As a result, obtaining a productivity improvement of 10 to 40 percent is feasible, offering a compelling argument for security that everyone can understand.

Founded in 1853 in Hartford, U.S., Aetna (NYSE: AET) is committed to providing individuals, employers, health care professionals, producers, and others with a broad range of traditional, voluntary, and consumer-directed health insurance products and related services.

Copyright © 2019 CIOApplications. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy |  Sitemap  |  Subscribe

https://cyber-security.cioapplications.com/cxoinsights/the-productivity-gain-of-software-security-nid-474.html