When commercial software is simply not appropriate for gathering and/or using business data, enterprises often turn to in-house development. While this allows for the development of software with specific functionality, it can lead to security issues since in-house developed solutions don't come with extensive support organizations that deliver regular security patches. The involvement of the IT security group in application development is essential to producing more secure applications.
This research note addresses the following points:
- The degree to which the IT security group is responsible for application security.
- The degree to which the IT security group is involved in application development.
Appropriately leveraging in-house experts during the development of home-grown applications will ensure that these tools are securely delivered and maintained.