Software security assurance: quantifying ROI is difficult – but can be done…

September 13, 2010

Mainstay Partners is a much-respected research company that specialises in putting a value on business propositions. When Fortify Software wanted an independent statement on the return on investment (ROI) that software companies might achieve from the use of its software security assurance (SSA) products, Mainstay Partners is where it went. The result is a new whitepaper, "Does Application Security Pay? Measuring the Business Impact of Software Security Assurance Solutions", and, basically, yes it does (as much as $37m per annum in some cases).

We reviewed 30 software security providers and found that, while everyone talks about ROI, no one has really quantified the business value of SSA. Fortify’s effort to put some real cost and time savings against an investment in SSA is unique in the industry, and should give security executives the language they need to communicate the value of SSA in a way that resonates with senior IT and business leaders.
Amir Hartman, co-founder and managing director of Mainstay Partners

Cost of pentesting reduced by 50% or more...

Key findings include:

  • Vulnerabilities per application reduced from 1000s to 10s
  • Average time to fix a vulnerability reduced from 1–2 weeks to 1–2 hours
  • The percentage of repeat vulnerabilities reduced from 80% to 0%
  • Costs for compliance and penetration tests reduced from ~$500k to $250k
  • Time-to-market delays due to vulnerabilities reduced from 4+ incidents (30 days each) to none

Fortify Software
Mainstay Partners
