IT Risk Management: Guide to Software Risk Assessments and Audits
sponsored by Veracode, Inc.

Risk is a function of the likelihood that a given threat-source might exercise a particular potential vulnerability, and the resulting impact of that adverse event on the organization. In IT systems, risk can be introduced from the internet, servers, networks, malicious insiders, and even lapses in physical security. However, the current rate of newly discovered vulnerabilities in software has risen to the top of the agenda for security professionals striving to control their company’s overall risk profile.

Until now, enterprises have lacked an efficient way to analyze the security of software as part of their risk management processes. Security testing has been limited to manual analysis by consultants, internal teams using source code tools, or trusting the software supplier to test its own code. None of these approaches scales to cover an enterprise’s entire application portfolio, and each can add significant time and costs to projects.

In an effort to combat this growing trend, new compliance requirements from the Payment Card Industry (PCI) and the Comptroller of the Currency Administrator of National Banks (OCC), along with recommendations from industry groups and analysts, call for risk management processes to secure software applications. This whitepaper outlines how new application security technologies enable organizations to meet the growing threat posed by software, and it provides risk management best practices that enterprises can use to secure their application inventory.
