SOURCE: Aberdeen Group

October 19, 2010 11:00 ET

Application Security Strategies: Find and Fix (Later)

Users of Application Vulnerability Scanning and Penetration Testing Solutions Realized a 3.1-Times Return on Their Annual Application Security Investments

BOSTON, MA--(Marketwire - October 19, 2010) - In the second of a four-part series of research on application security, Aberdeen Group, a Harte-Hanks Company (NYSE: HHS), found that application vulnerability scanning and penetration testing technologies are strong differentiators of top performance. Both are 50% to 70% more likely to be used by the leading performers than by the lagging performers in the study, and in general these technologies are viewed as the cornerstones of ongoing application security assurance.

Aberdeen's analysis of companies adopting the find and fix strategy -- i.e., the use of application vulnerability scanning and penetration testing solutions to identify the security vulnerabilities in the applications currently in production, to be addressed subsequently by the application developers -- found that they realized a very strong 3.1-times return on their annual application security investments. Particularly in the context of achieving, sustaining and demonstrating PCI compliance, the use of application vulnerability scanning and penetration testing solutions is seen to be a strong differentiator of the companies achieving top results.

"The good news: companies adopting the 'find and fix' strategy for application security realized a very strong return on their annual investments," commented Derek E. Brink, vice president and research fellow for IT Security, Aberdeen Group. "Given that the average total cost of remediating an actual application security-related incident is so high, however, Aberdeen's research shows that successful prevention still outweighs the undeniable benefits of proactive inspection and detection."

To obtain a complimentary copy of the Application Scanning and Penetration Testing: Find and Fix (Later) report, visit:

A complimentary copy of the Securing Your Applications: Three Ways to Play report is available at:

To take a complimentary, easy-to-use interactive assessment that can help you to identify the strategies, capabilities, and technologies used by companies with top performance in the area of application security, visit:

For additional access to complimentary Information Technology research, please visit

To view complimentary 30-minute webcasts highlighting findings from this and other Aberdeen IT Security research, visit

About Aberdeen Group, a Harte-Hanks Company

Aberdeen provides fact-based research and market intelligence that delivers demonstrable results. Having queried more than 30,000 companies in the past two years, Aberdeen is positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen for insights that drive decisions.

As a Harte-Hanks Company, Aberdeen plays a key role in putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks, call (800) 456-9748.

© 2010 Aberdeen Group, Inc., a Harte-Hanks Company
451 D Street, Suite 710
Boston, Massachusetts 02210-1928
Telephone: (617) 854-5200
Fax: (617) 723-7897