Despite all of the talk surrounding the importance of software quality, a study released today shows few companies are walking the secure development walk. Those looking for good news when it comes to healthy software development hygiene are going to be soundly disappointed by today’s news. In a study conducted by Forrester Consulting, commissioned by software security firm Coverity, 336 people involved in software development in North America and Europe were surveyed on their current practices when it came to managing software quality, security and safety.

The takeaway: not everyone is brushing their teeth, nor eating their five figurative servings of fruits and vegetables every day. According to the study, the Software Integrity Risk Report, while most companies outsource software code development to third parties, that code is not tested for quality, safety and security to the same degree as their in-house developed software.

The study found significant disparities between how internally developed code is tested and how code developed by third parties is tested. First, only 44 percent of companies conduct automated code testing during development for third-party code. However, 69 percent use automated code testing for internally developed software. Second, only 35 percent of companies conduct risk, security or vulnerability assessments for third-party code, compared to 70 percent of companies deploying these methods on their internally developed software.

“Software security and integrity is probably the most challenging problem to solve in security today,” says Pete Lindstrom, research director at Spire Security.
“But the reality is that the tools used to analyze software code have a high signal to noise ratio and are not easy to use.”

Beyond the expected security vulnerabilities that are a byproduct of poor development practices, about 65 percent of companies reported that customer satisfaction is also impacted by software defects, while 47 percent said time-to-market is also hurt by software defects.

While most everyone acknowledges software quality is one of the most pressing security concerns today, no one expects a quick fix any time soon. “While it borders on negligent to ignore software quality, the reality is that the tools available today are difficult to use and provide undependable results,” says Lindstrom.

George V. Hulme writes about security and technology from his home in Minneapolis. He is so concerned about software vulnerabilities, every time his browser crashes he wonders if it’s an APT. Fortunately, he doesn’t use firewalls on Twitter, where he can be found at @georgevhulme.