Security research, news and guidance

OWASP Security Spending Benchmarks Report published

March 21, 2009 | Written by admin | Application Security

The OWASP Security Spending Benchmarks project has released a report today which contains some very interesting information on security budgets, staffing and spending breakdown.

I enjoyed reading the report because it will allow me to analyse how my employer funds and staffs information security compared to other companies – I don’t recall reading a report like this before.

The main findings from the report were:

Organizations that have suffered a public data breach spend more on security in the development process than those that have not.

Web application security spending is expected to either stay flat or increase in nearly two thirds of companies.

Half of respondents consider security experience important when hiring developers, and a majority provide their developers with security training.

38% have a third party firm conduct a security review of outsourced code.

At least 61% of respondents perform an independent third party security review before deploying a Web application while 17% do not (the remainder do not know or do so when requested by customers).

Just under half of the surveyed organizations have Web application firewalls deployed for at least some of their Web applications.

I suggest that you have a read of the report; it is another example of the brilliant work done by OWASP volunteers. You can get the PDF report here.


This entry was posted on March 21, 2009 at 5:09 am and is filed under Application Security.
