Here are a few excellent reasons why creating insecure software is a Very Bad Idea.
Company A is releasing a web application pilot. It is a fairly complex B2C app with payment framework integration, a scalable cloud deployment and multiple user-profile-centric features.
By examining team metrics, the Dev Lead quickly learns that it costs over 30x more to fix any single vulnerability in Production than in the Architecture phase.
Company A wanted to cut some short-term costs and did not actively invest in fixing a number of critical security vulnerabilities.
A few months later they are approached by a security researcher who discovered that sensitive data flowing through the app was automatically decrypted when retrieved, so an SQL injection flaw could be used to browse credit card numbers in clear text.
Unfortunately, she wasn’t the first to discover this, and litigation from angry customers follows a very public breach.
It Can Put You Out Of Business
Competitors aren’t about to let such a fantastic opportunity pass by, and they double down on marketing, leveraging the unfortunate breach in their messaging.
Struggling to survive amid leaving customers, departing employees, rising litigation costs, regulatory fines and increased audit scrutiny, Company A has no choice but to first downsize and then close its doors altogether.
So...why do you keep doing it?