SHARE
Facebook X Pinterest WhatsApp

InfoSec Spending to Focus on Application Security in 2010

As organizations begin planning their 2010 budgets, many have targeted application security as a top priority for the coming year, according to a new report from The InfoPro released today. The New York-based research firm released its Information Security Study following thorough interviews with 246 security professionals at Fortune 1000 organizations and midsize enterprises in […]

Aug 4, 2009
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

As organizations begin planning their 2010 budgets, many have targeted application security as a top priority for the coming year, according to a new report from The InfoPro released today.

The New York-based research firm released its Information Security Study following thorough interviews with 246 security professionals at Fortune 1000 organizations and midsize enterprises in North America and Europe this year. The general consensus was that mitigating risks in the application stack is the most pressing concern among practicing infosec experts.

The emphasis on application security tracks with the current threat landscape. According to the Verizon Business 2009 Data Breach Investigations Report, 79 percent of data breaches in 2008 were compromised via Web applications. According to TheInfoPro’s recent interviews, approximately 82 percent of those studied reported that applications available outside the corporate firewall worry them most. The InfoPro analysts found that slightly more than half of applications named by Fortune 1000 respondents fall in this category.

According to the survey, though awareness has risen regarding application threats most organizations still lack the fundamentals of a strong application security practice. Only 38 percent of Fortune 1000 respondents use static application analysis tools. Of those without, only an additional 17 percent plan on implementing such tools in the future.

Meanwhile, in a different survey conducted by application security vendor Breach Security at last week’s Black Hat event in Las Vegas, 60 percent of security pros said it takes their companies between one and four weeks to remediate a SQL injection, cross-site scripting attack or other critical web vulnerabilities—a period of ions in an era when the typical malware campaign is conducted within just a matter of days or even hours.

The growing push to amp up corporate application security practices has been evidenced by a lot of recent market movement. Last week IBM picked up the application security firm Ounce Labs for an undisclosed amount. And just last month Verizon Business rolled out a new application security service to its customers.

 

Recommended for you...

SonicWall’s Michael Crean on State of Managed Security
Victoria Durgin
Sep 17, 2025
Gigamon Unveils Agentic AI App to Boost IT Productivity
Luis Millares
Sep 16, 2025
Sentra Releases Security Guardrail Tooling for Copilot Users
Victoria Durgin
Sep 16, 2025
BlackFog & Exertis Enterprise Ink Distribution Deal
Victoria Durgin
Sep 16, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.