SlideShare a Scribd company logo

Healthcare application-security-practices-survey-veracode

Veracode
Veracode

Even though Healthcare applications are a primary target for cyber-attacks, a new study from IDG Research reveals that sixty percent of internally developed applications are not assessed for critical security vulnerabilities such as SQL Injection and Cross-Site Scripting. IT leaders expect the number of healthcare applications to increase as organizations increasingly rely on software innovation. How will healthcare application security teams close this gap?

Technology
1 of 18
Download to read offline
Application Security Best Practices SurveyInsights for the Healthcare Industry
2 Application Security Benchmark Survey Insights for the Healthcare Industry •About this survey •What is being developed by enterprises? •What is not being tested? •How will things change in 12 months? •Executive commitment •A plan to close the gap
3 About The Survey •Conducted by IDGResearch from May-June 2014 •Respondents: -100 US -100 UK -106 Germany & Switzerland 26% 5% 6% 6% 8% 9% 11% 14% 16% Other Telecommunications Retail, Wholesale Healthcare, Medical, Biotech, Pharmaceuticals Advertising, PR, Marketing Business services, Consulting Manufacturing & Distribution Computing (HW, SW, Services) Financial services (banking, accounting,insurance) 0% 10% 20% 30% 17% 27% 16% 21% 18% $500 million - $999.9 million $1 billion - $2.9 billion $3 billion - $4.9 billion $5 billion - $9.9 billion $10 billion or more
What is being developed by enterprises?
5 Healthcare enterprise application portfolio Internally Developed vs. Externally Sourced Internally developed Sourced from commercial software vendor Outsourced (developed by third party) 34% 42% 24% Source: Veracode and IDGResearch Services Q1. With the total equal to 100%, please estimate what proportion of your organization’s total enterprise application portfoliois internally developed vs. externally-developed/ sourced? Healthcare Base: 18 Average number of internally developed enterprise applications 1829 Source: Veracode and IDGResearch Services Q9. How many internally developed enterprise applications are currently deployed within your organization? Healthcare Base: 18
6 Taxonomy of internally developed applications Source: Veracode and IDGResearch Services Q3. With the total equal to 100%, approximately what percent of your internally developedenterprise application portfolio falls into the following application architecture categories? Healthcare Base: 18 31% 25% 22% 24% Mobile Applications Web Applications Client/Server Applications Terminal Applications HEALTHCARE
What is being spent on securing internally developed applications?
8 Security spending on internally developed enterprise applications HEALTHCARE 0% 17% 22% 17% 11% 22% 11% 0% 0% 35% Less than $100,000 $100,000 to $249,999 $250,000 to $499,999 $500,000 to $749,999 $750,000 to $999,999 $1M to $2.49M $2.5M to $4.9M $5M or more $1.12M Source: Veracode and IDGResearch Services Q7a. Please estimate your organization’s overall spend on application security for internally developed applications? Total Healthcare Base: 18
9 Breakdown of application security spending on internally developed applications HEALTHCARE Penetration Testing SAST DAST Application Discovery/Inventory 20% 26% 31% 22% Source: Veracode and IDGResearch Services Q7b. Approximately what percent of your organization’s application security budget for internally developed applications is spent on the following: Healthcare Base: 18
What is not being tested?
11 Internally developed applications not tested for security vulnerabilities Source: Veracode and IDG Research Services Q5a. For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18 HEALTHCARE MOBILE APPLICATIONS 63% not tested for vulnerabilities WEB APPLICATIONS 57%not tested for vulnerabilities TERMINAL APPLICATIONS 64%not tested for vulnerabilities CLIENT/SERVER APPLICATIONS 59%not tested for vulnerabilities ALL APPLICATIONS 60%not tested for vulnerabilities A
12 Importance of closing the gaps in application security testing HEALTHCARE Source: Veracode and IDG Research Services Q5b. For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities? Healthcare Base: 18 87% MOBILE APPLICATIONS (N = 15) 80% WEB APPLICATIONS (N = 15) 69% CLIENT/SERVER APPLICATIONS (N = 16) 69% TERMINAL APPLICATIONS (N = 16) Respondent organizations reporting less than 100% coverage citing a critical or very important need to close gaps in coverage:
How will things change in 12 months?
14 Changes in application security programs: 12 month projection for Healthcare industry Source: Veracode and IDGResearch Services Q5a. For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18 2.92% average increase Change in security spend for internally developed applications (or 177 new apps) Average growth of internally developed applications 9.7% average increase Estimated 2015 Budget: $1.15M Estimated 2015 Need: $3.11M To test all current and new applications with existing approaches $1.95M Average gap between need and budget Source: Veracode and IDGResearch Services Q8. How do you expect your organization’s overall spending on application security for internally developed enterprise applications to change over the next 12 months? Healthcare Base: 18
Executive commitment
16 Executive commitment to application security testing HEALTHCARE Executives have mandated an enterprise-wide program and are tracking implementation Executives are aware of but have not mandated an enterprise-wide program Executives are interested in application security for business critical applications only Executives have little interest in application security programs 44% 28% 28% 0% Source: Veracode and IDGResearch Services Q9. Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization? Healthcare Base: 18
17 A Plan to Close the Gap* Anticipated spending increases are dramatically lower than the minimum spending increase that IDGdetermined is required to close the gap. Simply extrapolating the existing assessment approaches to close the gap puts the CSOin an untenable budgetary situation. The key is rethinking these elements: •How security gets built into applications as they are being developed •How to build in security at the scale and pace required to support the more than 340 anticipated new applications that enterprises, on average, will develop in the next 12 months •How to build in security so that it lowers the financial burden of proactively managing risk By seeking out best practices for implementing application security at scale, CIOsand CSOscan use their expected budget increases for initiatives that tackle their existing gap in a significant way. * Except from “Why Application Security is a Business Imperative” IDGResearch, Aug 2014
Start the assessment http://www.veracode.com/application-security-assessment

Recommended

Veracode - Inglês
Veracode - InglêsVeracode - Inglês
Veracode - Inglês
DeServ - Tecnologia e Servços
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Salil Kumar Subramony
 
Veracode - Overview
Veracode - OverviewVeracode - Overview
Veracode - OverviewStephen Durrant
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t Ignore
Veracode
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.
Veracode
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Strengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilityStrengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain Visibility
Sonatype
 

Recommended

Veracode - Inglês
Veracode - InglêsVeracode - Inglês
Veracode - Inglês
DeServ - Tecnologia e Servços
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Salil Kumar Subramony
 
Veracode - Overview
Veracode - OverviewVeracode - Overview
Veracode - OverviewStephen Durrant
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t Ignore
Veracode
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.
Veracode
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Strengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain VisibilityStrengthening cyber resilience with Software Supply Chain Visibility
Strengthening cyber resilience with Software Supply Chain Visibility
Sonatype
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply Chain
Mark Sherman
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application
TestingXperts
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
NowSecure
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
Sonatype
 
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI ComplianceTools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Sonatype
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
mlogvinov
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Alan Kan
 
Application Security Management with ThreadFix
Application Security Management with ThreadFixApplication Security Management with ThreadFix
Application Security Management with ThreadFix
Virtual Forge
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Sonatype
 
Retail Industry Application Security Survey Insights
Retail Industry Application Security Survey InsightsRetail Industry Application Security Survey Insights
Retail Industry Application Security Survey Insights
Veracode
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Kyle Lai
 
IBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionIBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solution
hearme limited company
 
Fortify Continuous Delivery
Fortify Continuous DeliveryFortify Continuous Delivery
Fortify Continuous Delivery
Mainstay
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Sonatype
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?London School of Cyber Security
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar final
DevOps.com
 
The AppSec Path to Enlightenment
The AppSec Path to EnlightenmentThe AppSec Path to Enlightenment
The AppSec Path to Enlightenment
Black Duck by Synopsys
 
Veracode Automation CLI (using Jenkins for SDL integration)
Veracode Automation CLI (using Jenkins for SDL integration)Veracode Automation CLI (using Jenkins for SDL integration)
Veracode Automation CLI (using Jenkins for SDL integration)
Dinis Cruz
 
ANSYS-Advantage-Healthcare-AA-V9-I1
ANSYS-Advantage-Healthcare-AA-V9-I1ANSYS-Advantage-Healthcare-AA-V9-I1
ANSYS-Advantage-Healthcare-AA-V9-I1Khody Afkhami
 

More Related Content

What's hot

Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply Chain
Mark Sherman
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application
TestingXperts
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
NowSecure
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
Sonatype
 
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI ComplianceTools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Sonatype
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
mlogvinov
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Alan Kan
 
Application Security Management with ThreadFix
Application Security Management with ThreadFixApplication Security Management with ThreadFix
Application Security Management with ThreadFix
Virtual Forge
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Sonatype
 
Retail Industry Application Security Survey Insights
Retail Industry Application Security Survey InsightsRetail Industry Application Security Survey Insights
Retail Industry Application Security Survey Insights
Veracode
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Kyle Lai
 
IBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionIBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solution
hearme limited company
 
Fortify Continuous Delivery
Fortify Continuous DeliveryFortify Continuous Delivery
Fortify Continuous Delivery
Mainstay
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Sonatype
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar final
DevOps.com
 
The AppSec Path to Enlightenment
The AppSec Path to EnlightenmentThe AppSec Path to Enlightenment
The AppSec Path to Enlightenment
Black Duck by Synopsys
 

What's hot (20)

Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply Chain
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
 
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI ComplianceTools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
 
Application Security Management with ThreadFix
Application Security Management with ThreadFixApplication Security Management with ThreadFix
Application Security Management with ThreadFix
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
 
Retail Industry Application Security Survey Insights
Retail Industry Application Security Survey InsightsRetail Industry Application Security Survey Insights
Retail Industry Application Security Survey Insights
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
 
IBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionIBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solution
 
Fortify Continuous Delivery
Fortify Continuous DeliveryFortify Continuous Delivery
Fortify Continuous Delivery
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?
 
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
Snippets, Scans and Snap Decisions: How Component Identification Methods Impa...
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar final
 
The AppSec Path to Enlightenment
The AppSec Path to EnlightenmentThe AppSec Path to Enlightenment
The AppSec Path to Enlightenment
 

Viewers also liked

Veracode Automation CLI (using Jenkins for SDL integration)
Veracode Automation CLI (using Jenkins for SDL integration)Veracode Automation CLI (using Jenkins for SDL integration)
Veracode Automation CLI (using Jenkins for SDL integration)
Dinis Cruz
 
ANSYS-Advantage-Healthcare-AA-V9-I1
ANSYS-Advantage-Healthcare-AA-V9-I1ANSYS-Advantage-Healthcare-AA-V9-I1
ANSYS-Advantage-Healthcare-AA-V9-I1Khody Afkhami
 
Scripts that automate OWASP ZAP as part of a continuous delivery pipeline
Scripts that automate OWASP ZAP as part of a continuous delivery pipelineScripts that automate OWASP ZAP as part of a continuous delivery pipeline
Scripts that automate OWASP ZAP as part of a continuous delivery pipeline
Sherif Mansour
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of Security
Veracode
 
AllDayDevOps ZAP automation in CI
AllDayDevOps ZAP automation in CIAllDayDevOps ZAP automation in CI
AllDayDevOps ZAP automation in CI
Simon Bennetts
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System Upgrades
Threat Stack
 
Building a deployment pipeline
Building a deployment pipelineBuilding a deployment pipeline
Building a deployment pipeline
Noam Shochat
 
Development stack for an healthcare application
Development stack for an healthcare applicationDevelopment stack for an healthcare application
Development stack for an healthcare application
Ravindran Padmanabhan (Rady)
 
Highly efficient container orchestration and continuous delivery with DC/OS a...
Highly efficient container orchestration and continuous delivery with DC/OS a...Highly efficient container orchestration and continuous delivery with DC/OS a...
Highly efficient container orchestration and continuous delivery with DC/OS a...
Christian Bogeberg
 
Iot for e-health system project concept
Iot for e-health system project conceptIot for e-health system project concept
Iot for e-health system project concept
Vakhtang Mosidze
 
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts
 
advantage and disadvantage of technology
advantage and disadvantage of technology advantage and disadvantage of technology
advantage and disadvantage of technology
Ziyad Siso
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Dinis Cruz
 
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
jtmelton
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy
Aditya Gupta
 
Another 7 tools for your #devops stack
Another 7 tools for your #devops stackAnother 7 tools for your #devops stack
Another 7 tools for your #devops stack
Kris Buytaert
 
Managing the Continuous Delivery of Code to AWS Lambda
Managing the Continuous Delivery of Code to AWS LambdaManaging the Continuous Delivery of Code to AWS Lambda
Managing the Continuous Delivery of Code to AWS Lambda
Amazon Web Services
 
AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...
AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...
AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...
Amazon Web Services
 

Viewers also liked (18)

Veracode Automation CLI (using Jenkins for SDL integration)
Veracode Automation CLI (using Jenkins for SDL integration)Veracode Automation CLI (using Jenkins for SDL integration)
Veracode Automation CLI (using Jenkins for SDL integration)
 
ANSYS-Advantage-Healthcare-AA-V9-I1
ANSYS-Advantage-Healthcare-AA-V9-I1ANSYS-Advantage-Healthcare-AA-V9-I1
ANSYS-Advantage-Healthcare-AA-V9-I1
 
Scripts that automate OWASP ZAP as part of a continuous delivery pipeline
Scripts that automate OWASP ZAP as part of a continuous delivery pipelineScripts that automate OWASP ZAP as part of a continuous delivery pipeline
Scripts that automate OWASP ZAP as part of a continuous delivery pipeline
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of Security
 
AllDayDevOps ZAP automation in CI
AllDayDevOps ZAP automation in CIAllDayDevOps ZAP automation in CI
AllDayDevOps ZAP automation in CI
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System Upgrades
 
Building a deployment pipeline
Building a deployment pipelineBuilding a deployment pipeline
Building a deployment pipeline
 
Development stack for an healthcare application
Development stack for an healthcare applicationDevelopment stack for an healthcare application
Development stack for an healthcare application
 
Highly efficient container orchestration and continuous delivery with DC/OS a...
Highly efficient container orchestration and continuous delivery with DC/OS a...Highly efficient container orchestration and continuous delivery with DC/OS a...
Highly efficient container orchestration and continuous delivery with DC/OS a...
 
Iot for e-health system project concept
Iot for e-health system project conceptIot for e-health system project concept
Iot for e-health system project concept
 
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
 
advantage and disadvantage of technology
advantage and disadvantage of technology advantage and disadvantage of technology
advantage and disadvantage of technology
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
 
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy
 
Another 7 tools for your #devops stack
Another 7 tools for your #devops stackAnother 7 tools for your #devops stack
Another 7 tools for your #devops stack
 
Managing the Continuous Delivery of Code to AWS Lambda
Managing the Continuous Delivery of Code to AWS LambdaManaging the Continuous Delivery of Code to AWS Lambda
Managing the Continuous Delivery of Code to AWS Lambda
 
AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...
AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...
AWS re:Invent 2016: How Gree Launched New Games Faster and More Securely with...
 

Similar to Healthcare application-security-practices-survey-veracode

application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodesciccone
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application Security
Veracode
 
Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...
Mainstay
 
Webinar: CX up AND costs down?
Webinar: CX up AND costs down?Webinar: CX up AND costs down?
Webinar: CX up AND costs down?
The Digital Insurer
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
Apperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility SurveyApperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility Survey
Jennifer Walker
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the game
Dennis Stoutjesdijk
 
Training Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfTraining Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdf
dotco
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
The Economist Media Businesses
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016
Jeremiah Grossman
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Hewlett Packard Enterprise Business Value Exchange
 
Caspio Low-Code Report, 2020
Caspio Low-Code Report, 2020Caspio Low-Code Report, 2020
Caspio Low-Code Report, 2020
Brian Metzger
 
Insurance rating software market
Insurance rating software marketInsurance rating software market
Insurance rating software market
HarshalBamble
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
Bee_Ware
 
Apperian 2014 Executive Enterprise Mobility Report
Apperian 2014 Executive Enterprise Mobility ReportApperian 2014 Executive Enterprise Mobility Report
Apperian 2014 Executive Enterprise Mobility Report
Jennifer Walker
 
Symantec corporate presentation 3 28-14
Symantec corporate presentation 3 28-14Symantec corporate presentation 3 28-14
Symantec corporate presentation 3 28-14InvestorSymantec
 
Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...
Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...
Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...
IMARC Group
 
Digital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the ImpactDigital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the Impact
Tata Consultancy Services
 

Similar to Healthcare application-security-practices-survey-veracode (20)

application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracode
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application Security
 
Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...
 
Webinar: CX up AND costs down?
Webinar: CX up AND costs down?Webinar: CX up AND costs down?
Webinar: CX up AND costs down?
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
Apperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility SurveyApperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility Survey
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSec
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the game
 
Training Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfTraining Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdf
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Caspio Low-Code Report, 2020
Caspio Low-Code Report, 2020Caspio Low-Code Report, 2020
Caspio Low-Code Report, 2020
 
Insurance rating software market
Insurance rating software marketInsurance rating software market
Insurance rating software market
 
SECURITY
SECURITYSECURITY
SECURITY
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
Apperian 2014 Executive Enterprise Mobility Report
Apperian 2014 Executive Enterprise Mobility ReportApperian 2014 Executive Enterprise Mobility Report
Apperian 2014 Executive Enterprise Mobility Report
 
Symantec corporate presentation 3 28-14
Symantec corporate presentation 3 28-14Symantec corporate presentation 3 28-14
Symantec corporate presentation 3 28-14
 
Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...
Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...
Healthcare Information Software Market PPT 2022: Size, Growth, Demand and For...
 
Digital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the ImpactDigital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the Impact
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 

Healthcare application-security-practices-survey-veracode

  • 1. Application Security Best Practices SurveyInsights for the Healthcare Industry
  • 2. 2 Application Security Benchmark Survey Insights for the Healthcare Industry •About this survey •What is being developed by enterprises? •What is not being tested? •How will things change in 12 months? •Executive commitment •A plan to close the gap
  • 3. 3 About The Survey •Conducted by IDGResearch from May-June 2014 •Respondents: -100 US -100 UK -106 Germany & Switzerland 26% 5% 6% 6% 8% 9% 11% 14% 16% Other Telecommunications Retail, Wholesale Healthcare, Medical, Biotech, Pharmaceuticals Advertising, PR, Marketing Business services, Consulting Manufacturing & Distribution Computing (HW, SW, Services) Financial services (banking, accounting,insurance) 0% 10% 20% 30% 17% 27% 16% 21% 18% $500 million - $999.9 million $1 billion - $2.9 billion $3 billion - $4.9 billion $5 billion - $9.9 billion $10 billion or more
  • 4. What is being developed by enterprises?
  • 5. 5 Healthcare enterprise application portfolio Internally Developed vs. Externally Sourced Internally developed Sourced from commercial software vendor Outsourced (developed by third party) 34% 42% 24% Source: Veracode and IDGResearch Services Q1. With the total equal to 100%, please estimate what proportion of your organization’s total enterprise application portfoliois internally developed vs. externally-developed/ sourced? Healthcare Base: 18 Average number of internally developed enterprise applications 1829 Source: Veracode and IDGResearch Services Q9. How many internally developed enterprise applications are currently deployed within your organization? Healthcare Base: 18
  • 6. 6 Taxonomy of internally developed applications Source: Veracode and IDGResearch Services Q3. With the total equal to 100%, approximately what percent of your internally developedenterprise application portfolio falls into the following application architecture categories? Healthcare Base: 18 31% 25% 22% 24% Mobile Applications Web Applications Client/Server Applications Terminal Applications HEALTHCARE
  • 7. What is being spent on securing internally developed applications?
  • 8. 8 Security spending on internally developed enterprise applications HEALTHCARE 0% 17% 22% 17% 11% 22% 11% 0% 0% 35% Less than $100,000 $100,000 to $249,999 $250,000 to $499,999 $500,000 to $749,999 $750,000 to $999,999 $1M to $2.49M $2.5M to $4.9M $5M or more $1.12M Source: Veracode and IDGResearch Services Q7a. Please estimate your organization’s overall spend on application security for internally developed applications? Total Healthcare Base: 18
  • 9. 9 Breakdown of application security spending on internally developed applications HEALTHCARE Penetration Testing SAST DAST Application Discovery/Inventory 20% 26% 31% 22% Source: Veracode and IDGResearch Services Q7b. Approximately what percent of your organization’s application security budget for internally developed applications is spent on the following: Healthcare Base: 18
  • 10. What is not being tested?
  • 11. 11 Internally developed applications not tested for security vulnerabilities Source: Veracode and IDG Research Services Q5a. For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18 HEALTHCARE MOBILE APPLICATIONS 63% not tested for vulnerabilities WEB APPLICATIONS 57%not tested for vulnerabilities TERMINAL APPLICATIONS 64%not tested for vulnerabilities CLIENT/SERVER APPLICATIONS 59%not tested for vulnerabilities ALL APPLICATIONS 60%not tested for vulnerabilities A
  • 12. 12 Importance of closing the gaps in application security testing HEALTHCARE Source: Veracode and IDG Research Services Q5b. For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities? Healthcare Base: 18 87% MOBILE APPLICATIONS (N = 15) 80% WEB APPLICATIONS (N = 15) 69% CLIENT/SERVER APPLICATIONS (N = 16) 69% TERMINAL APPLICATIONS (N = 16) Respondent organizations reporting less than 100% coverage citing a critical or very important need to close gaps in coverage:
  • 13. How will things change in 12 months?
  • 14. 14 Changes in application security programs: 12 month projection for Healthcare industry Source: Veracode and IDGResearch Services Q5a. For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18 2.92% average increase Change in security spend for internally developed applications (or 177 new apps) Average growth of internally developed applications 9.7% average increase Estimated 2015 Budget: $1.15M Estimated 2015 Need: $3.11M To test all current and new applications with existing approaches $1.95M Average gap between need and budget Source: Veracode and IDGResearch Services Q8. How do you expect your organization’s overall spending on application security for internally developed enterprise applications to change over the next 12 months? Healthcare Base: 18
  • 16. 16 Executive commitment to application security testing HEALTHCARE Executives have mandated an enterprise-wide program and are tracking implementation Executives are aware of but have not mandated an enterprise-wide program Executives are interested in application security for business critical applications only Executives have little interest in application security programs 44% 28% 28% 0% Source: Veracode and IDGResearch Services Q9. Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization? Healthcare Base: 18
  • 17. 17 A Plan to Close the Gap* Anticipated spending increases are dramatically lower than the minimum spending increase that IDGdetermined is required to close the gap. Simply extrapolating the existing assessment approaches to close the gap puts the CSOin an untenable budgetary situation. The key is rethinking these elements: •How security gets built into applications as they are being developed •How to build in security at the scale and pace required to support the more than 340 anticipated new applications that enterprises, on average, will develop in the next 12 months •How to build in security so that it lowers the financial burden of proactively managing risk By seeking out best practices for implementing application security at scale, CIOsand CSOscan use their expected budget increases for initiatives that tackle their existing gap in a significant way. * Except from “Why Application Security is a Business Imperative” IDGResearch, Aug 2014
  • 18. Start the assessment http://www.veracode.com/application-security-assessment