Software flaws will triple downtime by 2008

According to the latest research from Gartner, increasing business internet activity, along with growing use of web services, wireless connections and other new technologies, will lead to more software vulnerabilities and a corresponding dramatic increase in downtime.

John Pescatore, vice president and research fellow for Gartner, said: "These vulnerabilities will cause increased downtime for organizations that don't push security concerns into their processes for software development and procurement."  

Gartner's strategy report, Building a Sound Security Infrastructure: New Defenses for a New World of Threats, advises organisations to pressure vendors to build more-secure software while driving their in-house development teams to reduce security vulnerabilities in their own software.

It also suggests that firms demand software architectures based on security standards and incorporate mechanisms to limit the "attack surface" of applications directly exposed to the internet.

"Basic changes to the operating systems and hardware platforms used by servers and PCs will make dramatic leaps forward possible in some areas of software security," said Pescatore.

"However, through 2008, IT leaders will need to implement stopgap approaches to deal with new vulnerabilities associated with unsafe customer, employee and business partner platforms."  

Gartner defines a "vulnerability" as a weakness in process, administration or technology that can be exploited to compromise IT security. Vulnerabilities can exist in any layer of the application stack, caused by weaknesses in just about every IT administration, process or design function, the analyst firm said.   

www.gartnerpress.com/reports