Companies that fix vulnerabilities during the development process could save as much as $2.4 million a year, according to a report

Dark Reading Staff, Dark Reading

September 14, 2010


If you could find and fix security flaws before the application is deployed, instead of afterward, then your organization would save money. But how much could you really save?

That's the question studied in a new report published today by ROI consultancy Mainstay Partners and Fortify Software. The report suggests that the cost savings of secure software development could be substantial.

"The study found that companies are realizing substantial benefits from [secure software assurance] right out of the box, saving as much as $2.4M per year from a range of efficiency and productivity improvements, including faster, less-costly code scanning and vulnerability remediation, and streamlined compliance and penetration testing," the report says.

The study looked at 17 large enterprises that implemented Fortify's Secure Software Assurance (SSA) practices, and measured the time and costs saved after the transition. In most cases, software vulnerabilities were reduced from hundreds to tens, and repeat vulnerabilities were all but eliminated. Average time to fix flaws went from weeks to hours, the study says.

"This report helps to show that the benefits of SSA are measurable," says Roger Thornton, CTO and founder of Fortify, which is being acquired by Hewlett-Packard. "If you build code better, the cost of building the code goes down."

