For many enterprises, commercial off-the-shelf (COTS) software simply does not offer the functionality required. As a result, home-grown applications are used to deliver key functionality. However, since solutions developed in-house don't come with extensive support organizations and regular security patches, enterprise security can be compromised. Address this shortcoming by allocating some responsibility to the internal security team and involving them in development projects early in the cycle.
This research note addresses the following two points:
- The degree to which the IT security group is responsible for application security.
- The degree to which the IT security group is involved in application development.
Appropriately leveraging in-house experts during the development of home-grown applications will ensure that these tools are securely delivered and maintained.