Security experts say that building more secure applications from the start would create software that is more sustainable, resilient from attacks, and even more cost effective. The focus of many software creators is to ship code that is good enough, said Josh Corman, research director, enterprise security practice at the 451 Group. The real bottleneck has been sufficient demand for secure software, Corman said. Security defect can be an order of magnitude more expensive by catching it late in development or in production, he said.
Source: https://threatpost.com/application-security-good-enough-isnt-021711/74950/

