This resource is no longer available

Five Steps to Secure Outsourced Application Development


Application security has risen to the top of the agenda for security professionals striving to control their company’s overall risk profile. At the same time, over $50 billion in custom code is being developed in locations such as India, China, and Eastern Europe as many businesses have rushed to take advantage of cost savings and flexibility to gain a competitive advantage. However, due to training and developer turnover, secure coding and application security testing of outsourced software are often overlooked. This pushes both costs and liabilities onto the enterprise, resulting in an unacceptable level of unbounded risk.

Until now, enterprises have lacked an efficient way to analyze the security of outsourced software. Security testing has been limited to manual analysis by consultants, internal teams using source code tools, or trusting the outsourcer to test its own code. None of these approaches scales to cover an enterprise’s entire outsourced application portfolio, and each can add significant time and costs to projects.

This whitepaper outlines how these limitations can be overcome by following five best practices that enterprises can use to secure their outsourced application development. These key steps provide enterprises with visibility into the security of their outsourced applications before the risk enters their front door. From software risk assessments to embedding specific contract language into development contracts, these practices provide guidance on steps that enterprises can immediately implement to simply and cost-effectively meet regulatory requirements, establish metrics and SLAs and protect their critical assets.

Veracode, Inc.
10 May 2010
13 Page(s)
White Paper
