That's the question studied in a new report published today by ROI consultancy Mainstay Partners and Fortify Software. The report suggests that the cost savings of secure software development could be substantial.
"The study found that companies are realizing substantial benefits from [secure software assurance] right out of the box, saving as much as $2.4M per year from a range of efficiency and productivity improvements, including faster, less-costly code scanning and vulnerability remediation, and streamlined compliance and penetration testing," the report says.
The study looked at 17 large enterprises that implemented Fortify's Secure Software Assurance (SSA) practices, and measured the time and costs saved after the transition. In most cases, software vulnerabilities were reduced from hundreds to tens, and repeat vulnerabilities were all but eliminated. Average time to fix flaws went from weeks to hours, the study says.
"This report helps to show that the benefits of SSA are measurable," says Roger Thornton, CTO and founder of Fortify, which is being acquired by Hewlett-Packard. "If you build code better, the cost of building the code goes down."