February 28, 2011, 11:19 AM — The majority of software developers do not believe that there is enough guidance for secure application development for both established and new platforms, according to a survey.
Creative Intellect Consulting's survey, 'The State of Secure Applications Lifecycle Management', asked more than 170 professionals from the software security and enterprise architect community if they felt that there was enough access to secure code and test strategy guidance from inside and outside their organisations. Members of the information security professional body (ISC2) and the International Association of Software Architects (IASA) were also included.
The biggest surprise for the researchers was that a large number of respondents were looking for mainframe security guidance.
More than 70% felt there was insufficient security guidance for application and deployment models such as the various 'as-a-Service' platforms associated with cloud computing, mainframe, virtualization, mobile and Rich Internet Applications (RIA).
"We expected mainframe people weren't looking for much guidance, but the number of respondents who said they didn't have sufficient security guidance in mainframe was right up there with cloud and SaaS - it [mainframe] is supposed to be established," said Bola Rotibi, research director at Creative Intellect.
Rotibi said that mainframe technology is still very much an incumbent technology for organisations, for example, in the public sector.
"They're not rushing to get rid of them, and a lot of the original skills in that area are an ageing skill set.
"Also, the mainframe is taking a much bigger role in developing new applications, for example, in analytics," she said.
Marcel den Hartog, senior product marketing manager at mainframe software supplier CA Technologies, was not surprised at all by the findings, however.
"For decades to come, cloud computing will be another way of running applications we use to do business. It will be part of the hybrid (mainframe, distributed and cloud) IT infrastructure, which means that existing applications (mainframe and distributed) will somehow have to be integrated with this new cloud technology. And we will see new technology appear on mainframes as well.
"Combine this with an average age of 56 for mainframe staff who are already very, very busy, most companies now realise that they need to train young people to manage the mainframe so that their new cloud applications are able to use the corporate data on the mainframe that they use every day," he said.