The findings of a recent Application Risk Assessment Survey that included the responses of more than 600 corporations indicate that roughly two-thirds of organizations who are most at risk from reverse engineering do not have adequate controls in place to manage these risks.
The survey assessed four critical factors:
1) the likelihood that a company’s applications would be reverse engineered;
2) the materiality of the risks that stem from reverse engineering;
3) the presence of tools to prevent reverse engineering; and,
4) the adoption of practices and policies to ensure that those tools were being applied consistently and effectively.
Of the top 15 industries most at risk, 27 percent had no controls in place, 35 percent relied upon developers to make their own decisions with no policy or corporate guidance to manage these risks consistently and only 36 percent had both tools to combat reverse engineering and some type of consistent guidance that reflected the company’s policies and appetite for risk.
“As .NET and Java applications become increasingly ubiquitous, the risks that stem from uncontrolled access to source code are also increasing proportionately,” said Gabriel Torok, president at PreEmptive Solutions. “Vulnerability exploitation, IP theft, privacy violations and piracy are among the many potentially material risks that must now be managed.”
Security, compliance and risk management stakeholders need to reach a consensus on the controls that are appropriate to manage what may otherwise become material risks. The published survey results offer organizations an objective benchmark to begin the process of determining the appropriate response.
The top 15 industries at risk from high to low are; computer hardware, banking, electronics, diversified services, aerospace and defense, telecommunications, transportation, computer software, media, consulting, financial services, insurance, health services and government.
“Technologists have always understood the exposure that comes with distributing managed code in the clear,” said Sebastian Holst, senior vice president of sales and marketing for PreEmptive Solutions. “Unfortunately, the professionals who are responsible for modeling and managing risk have been largely unaware of the risks that stem from that exposure.”
To request your copy of the Application Risk Assessment Study, e-mail solutions@preemptive.com.
