Risk is a function of the likelihood that a given threat-source might exercise a particular potential vulnerability, and the resulting impact of that adverse event on the organization. In IT systems, risk can be introduced from the internet, servers, networks, malicious insiders, and even lapses in physical security. However, the current rate of newly discovered vulnerabilities in software has risen to the top of the agenda for security professionals striving to control their company’s overall risk profile.
Until now, enterprises have lacked an efficient manner to analyze the security of software as part of their risk management processes. Security testing has been limited to manual analysis by consultants, using internal teams with source code tools or trusting the software supplier to test their own code. None of these approaches scale to cover an enterprise’s entire application portfolio and can add significant time and costs to projects.
In an effort to combat this growing trend, new compliance requirements from the Payment Card Industry (PCI), the Comptroller of the Currency Administrator of National Banks (OCC) along with recommendations from industry groups and analysts call for risk management processes to secure software applications. This whitepaper outlines how new application security technologies enable organizations to meet the growing threat posed by software and provides risk management best practices which enterprises can use to secure their application inventory.