Do IT Pros Consider Security When Purchasing Software?

Traditionally, security was about cost avoidance. It was thought of like insurance – something you have to have in case something bad happens, but not something that would boost the bottom line or attract customers. But in today’s environment, we are increasingly seeing that security is about more than cost avoidance; done right, it creates a competitive advantage. A recent IDG survey of IT pros found that the vast majority are in fact more likely to purchase software that has been certified secure by a third party. In this way, security goes from a way to avoid something bad to a way to proactively bring in business.

Security as a competitive advantage

If your customers and prospects aren’t asking about the security of your software product, they will be. With breaches dominating the headlines – and damaging corporations and careers – software purchasers are increasingly wary about the code they are bringing into their organizations and want assurance that it is not leaving them open to attack. And a recent joint survey from CA Veracode and IDG Research backs up this point. We surveyed IT professionals and executives who are involved in the purchase of software at their organizations about the role security plays in their purchase decisions. A whopping 95 percent of survey respondents reported that their confidence in a vendor whose application security has been validated by an established independent security expert would increase at least somewhat, and 66 percent said they are much more likely to work with that vendor. Nearly every respondent (99 percent) perceives advantages of working with a certified secure vendor, including improved comfort of customers regarding data security and improved protection of IP data.

What exactly were our respondents looking for in terms of software security?

When asked what an independent security validation program should look like, more than 70 percent of respondents placed critical or high importance on each of the following:

  • Certification that the software/application code is free of security-related defects
  • Verification that the providers have a certified and trained security champion in-house
  • Imposed/guaranteed time restriction for remediation of future security issues/flaws
  • Verification that the providers have integrated continuous scanning to detect vulnerabilities throughout the development process

But the respondents also report struggling to get this information from their vendors. Nearly all organizations (99 percent) run into roadblocks when trying to assess the security status of applications and software they didn’t develop in-house. These challenges range from the difficulty of verifying the security of open source code to an inability to obtain the code necessary to conduct independent testing, and a lack of necessary information from software vendors about their security and testing practices. Even when they do get security information from vendors, survey respondents note that it is either too difficult to understand or too time-consuming to read through, creating frustration that can delay, or even end, sales cycles.

Prove the security of your software at a glance

By working to embed security testing into your development process, and then getting that initiative validated by an independent third party, you prove at a glance that security is a priority, addressing your prospects’ security concerns pre-emptively and, in turn, speeding your sales cycles. With CA Veracode’s new CA Veracode Verified program, you’ll get this third-party validation from one of the most respected names in the industry. The Verified seal allows you to address your customers’ and prospects’ security questions and concerns pre-emptively, making you stand out among the competition. And representation in the CA Veracode Verified directory gives you visibility to a larger audience of prospects and customers looking for partners who can provide solutions driven by secure software.

Get all the details on IDG’s survey results in the How to Make Security a Competitive Advantage report.

Find out more about getting ahead of the competition by getting your app Verified.



This is a Security Bloggers Network syndicated blog post authored by sciccone@veracode.com (sciccone). Read the original post at: RSS | Veracode Blog