
Would You Fly an Airplane That Had a Pre-flight Checkout That Was Only 40 Percent Complete?

In the aviation world, safety is paramount. Commercial airlines go to great lengths to make sure that their planes are fully up to code and can fly safely. The risks—loss of human lives—are far too extreme to take any chances. One result of this diligence is that travel by plane is far safer than any other method: nearly 40 times safer per mile than travel by car.

While application security risks are not as dire, research shows that CSOs fail to apply the same stringent level of safety to securing their Internet-facing applications. In fact, most organizations may be unaware of 60% of their Internet application vulnerabilities because they rely only on automated external website scanning and/or automated static source code or binary analysis tools. These methods find only approximately 40% of the types of security vulnerabilities that should be discovered in a security assessment.

Sixty percent is clearly a statistic that would cause many CSOs to lose sleep. As I have highlighted before, organizations with Internet-facing applications need to apply the same level of security diligence as they do for perimeter defenses, taking a strategic look at their application security practices to close this massive gap.

The only way to determine the total risk due to application vulnerabilities is to assess Internet and intranet applications using a blend of manual and automated analyses. Manual static analysis involves a review of the application architecture and source code by highly skilled software security engineers. The resulting analysis is comprehensive and, overall, the most reliable of the approaches.

Thankfully, some companies in the financial services sector have taken an airline-like safety approach by using this comprehensive method of analysis. I encourage everyone to take a hard look at their online application vulnerability assessment methods. And, as a frequent flier, I would choose to fly on an airline that has a complete pre-flight checkout of every plane, not one that’s only going to find 40% of the possible dangers.

By Greg Reber, CEO of AsTech Consulting
