Coverity recently published the results of a commissioned survey, conducted by Forrester Consulting, which found that the majority of companies had experienced at least one Web application security breach in the last 18 months.
Eighteen percent of respondents said they had lost more than $500,000 as a result of those breaches, and 8 percent said they had lost more than $1 million.
Still, the survey found that most companies have yet to implement secure development practices.
"Developers cited poor integration with their development environments, a requirement for too much security expertise and the large number of false positives as the three biggest challenges in dealing with security tools for web applications," The H Security reports. "Although some of the security experts surveyed agreed that integration of tools is a challenge, none believed that security tools were too complex or required too much expertise.'
"According to survey results, only 51 percent of organizations currently have coders conduct security testing, and only 40 percent of organizations report they test during development," writes Dark Reading's Ericka Chickowski. "And just 42 percent have any kind of secure coding guidelines in place within their organizations."
"It's clear that security practitioners and developers aren't speaking the same language when it comes to application security, and this is leading to very costly consequences for companies," Coverity vice president of marketing Jennifer Johnson said in a statement. "Application security begins and ends with development. Developers need to be part of the solution but the industry won't solve the problem until security is incorporated into the development process with technologies and processes that developers can understand and adopt."