Is Application Security "Free"?

Without Exception, the Benefits of Application Security Initiatives Are Found to Far Outweigh the Annual Costs

BOSTON, MA--(Marketwire - September 14, 2010) -  Aberdeen Group, a Harte-Hanks Company (NYSE: HHS), today announced that its latest research in Application Security confirms that the total annual cost of application security initiatives is far outweighed by the benefits of fewer actual security-related incidents, fewer audit deficiencies, and faster time to remediate. All respondents in the study, from leaders to laggards, experienced a positive return on their annual investments in application security. Given the size and diversity of the typical application software portfolio, the dynamic nature of the application security threat landscape, and the material impact of an actual security-related incident -- estimated at $300,000 on average, for all study participants -- the clear takeaway is that application security initiatives of all kinds represent extremely good business value.

Aberdeen's research shows that top performers have successfully balanced both efficiency and effectiveness to maximize the returns on their annual investments in application security. On average, the top performers estimated that they identify and remediate 8 out of 9 application security vulnerabilities prior to the deployment phase of the software development lifecycle, as opposed to just 3 out of 4 for the lagging performers. One benefit of this is that the leading performers experienced nearly 3-times fewer actual application security-related incidents in the past 12 months compared to laggards, along with fewer costs associated with remediation. The top performers also enjoyed an impressive 5.8-times return on their annual investment in application security, which was 2-times higher than that of lagging performers.

"The process of developing secure software applications has many strong parallels with the principles of quality in manufacturing," commented Derek E. Brink, vice president and research fellow for IT Security, Aberdeen Group. "But based on current practices we still have far to go in having a clear definition of secure applications, and in shifting the means of achieving secure applications to prevention as opposed to inspection or additional layers of protection."

A complimentary copy of the Securing Your Applications: Three Ways to Play report is made available in part by the following underwriters: Fortify Software and Webroot. To obtain a complimentary copy of the report, visit

To take a complimentary, easy-to-use interactive assessment that can help you to identify the strategies, capabilities, and technologies used by companies with top performance in the area of application security, visit:

For additional access to complimentary Information Technology research, please visit

To view complimentary 30-minute webcasts highlighting findings from this and other Aberdeen IT Security research, visit

About Aberdeen Group, a Harte-Hanks Company

Aberdeen provides fact-based research and market intelligence that delivers demonstrable results. Having queried more than 30,000 companies in the past two years, Aberdeen is positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen for insights that drive decisions.

As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks, call (800) 456-9748.

(C) 2010 Aberdeen Group, Inc., a Harte-Hanks Company
451 D Street, Suite 710
Boston, Massachusetts 02210-1928
Telephone: (617) 854-5200
Fax: (617) 723-7897