Less Than 50% Of 3rd Party Code Is Tested For Security and Quality

by QArea Team on December 8, 2011

Coverity's Software Integrity Risk Report examines code quality in Europe and America

Coverity has announced the results of the “Software Integrity Risk Report”, a commissioned study conducted by Forrester Consulting on behalf of the company to investigate developer trends in software code quality.

The software integrity research surveyed 336 software development influencers in Europe and North America on current market trends and practices for managing software security, quality and safety.

According to this study, the majority of companies source software code from multiple third parties, and this code is not tested for security, quality and safety with the same rigor as in-house developed software. The study also revealed that a mistrustful risk-to-responsibility culture is emerging in development, and it highlights the impact that software defects have on business.

The study revealed the significant adoption of third-party code and the impact of this code on business priorities. The highlights include:

  • Approximately 65% of companies state that software defects impact customer satisfaction, while 47% believe that time-to-market is impacted by software defects as well.
  • Over 90% of respondents confirmed that they deploy third-party code supplied by outsourced teams, commercial vendors or open source providers.
  • Only 35% of companies request manual code review on internally developed code.
  • More than 40% of respondents mentioned that problems from third-party code resulting in product recalls or delays, revenue impact, increased development time and security vulnerabilities have led them to seek greater visibility into code integrity.
  • Only 35% of companies conduct security, vulnerability or risk assessments for third-party code, compared with 70% of companies that use these methods on their in-house developed software.
  • Only 44% of companies conduct automated code testing during development for third-party code, compared with 69% that deploy automated code testing for in-house developed software.

According to Dave Peterson, chief marketing officer at Coverity, the Software Integrity Risk Report data is very telling of the drivers for change in software code accountability. He also added that present development teams are in an actual pinch. Developers are 100% accountable for the outcome of their software project, yet they can’t control the software that was delivered by third parties. This has led to strong demand from clients looking for governance and control over the complete software supply chain.