SOURCE: Symantec

September 19, 2006 08:00 ET

Symantec Finds Firms Recognize Importance of Application Security, Yet Lack Commitment in Development Process

Survey Results Indicate Deadlines and Competitive Pressures Often Take Precedence Over Security in Go to Market Timing

CUPERTINO, CA -- (MARKET WIRE) -- September 19, 2006 -- Symantec Corp. (NASDAQ: SYMC) today announced the results of a survey showing that awareness is growing among software developers about the need to improve application security and implement a more holistic approach to secure coding. According to a June 2006 survey of 400 U.S. based software developers that was commissioned by Symantec, an overwhelming 93 percent felt that secure application development was more of a priority now than three years ago. Also 70 percent indicated that their employers emphasize the importance of application security, 74 percent indicated that security was a high priority in their development process, yet only 29 percent stated that security was always part of the development process.

"Increasing security for applications that will be used by consumers and businesses has become a priority for companies around the world. As the gateway to information over the Internet and internal corporate networks, applications have become a company's greatest asset and, in turn, an attacker's primary objective," said Charlie Johnson, vice president, Symantec Global Consulting Services. "Application security plays a large role in one of the biggest problems plaguing online business as consumers move toward a digital lifestyle."

Appropriate application security requires the use of various tools and procedural methods to ensure deployed applications are adequately protected against external threats. Security measures built into applications and a sound secure application development process minimize the likelihood that hackers will be able to manipulate applications to access, steal, modify, or delete sensitive data.

Symantec's March 2006 Internet Security Threat Report validated the growing trend in industry Web application vulnerabilities and need for more secure applications. Between July and December 2005, 69 percent of vulnerabilities were associated with Web applications, a 15 percent increase over the first half of 2005. Additionally, Symantec documented 40 percent more vulnerabilities in the industry in 2005 than in 2004. During the second half of 2004, Web applications accounted for 49 percent of all vulnerabilities.

To gauge respondents' understanding of and experience with application security, Symantec surveyed developers on the level of training received by personnel with regard to application security, the level of corporate commitment and awareness among developers with regard to application security, and processes and practices in place within companies.

While the survey indicated that secure coding was considered a high priority by management, only 12 percent of respondents indicated that security always takes priority over meeting competitive deadlines and time to market pressures. The survey results also underscored the need for continued education for developers. Only 40 percent of respondents had received formal training on secure coding through their employer. Furthermore, although two-thirds of respondents regularly incorporate security as part of the QA process, still roughly one-third of respondents have not yet integrated security into their QA process.

Symantec commissioned Applied Research to conduct the survey.

Symantec Secure Application Services

Symantec Secure Application Services are offered by Symantec's Consulting Services organization, which provides organizations with best-practice security measures through comprehensive assessments, planning, and design consultation, and are backed by Symantec's unparalleled research, methodologies, and consulting expertise. Symantec Secure Application Services are available worldwide. More information is available by calling toll-free 1-800 745 6054 or visiting

About Symantec

Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Contact Information