According to a report from research and analysis firm Quocirca, 90 percent of the companies that are victims of hacking outsource more than 40 percent of their software development.Not only that, but 60 percent of the companies surveyed don't pay attention to security issues when they outsource their code, and 20 percent don't even consider security when developing code in-house. At the same time, nearly 80 percent of the companies for whom software development is "mission critical" are choosing to outsource some or all of it.
Other studies have already shown that hackers are targeting applications -- the U.S. National Institute of Standards and Technology has reported that 92 percent of the vulnerabilities affecting computer networks are contained in software applications. "These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Howard Schmidt, a former cybersecurity advisor to the White House. Schmidt now works for Fortify Software, which announced the results of the Quocirca report.