by Shawna McAlearney

Private Customer Data Vulnerable During Application Testing

Dec 10, 20072 mins

Ponemon survey shows majority of companies use real, sensitive customer data to develop and test applications, not realizing the information is vulnerable to breaches.

Sixty-two percent of companies surveyed by the Ponemon Institute report that during the application development and testing process, they use real customer data—including employee, vendor and customer records, and credit card and Social Security numbers—instead of disguised data to test applications.


An Introduction to the Murky Science of Web Application Security

The Importance of Automated Software Testing

11 Ways to Improve Software Testing

Quality Doesn’t Just Happen

That data often isn’t protected in a non-production environment, according to the report. Thus iit could be vulnerable to unauthorized sources including in-house testing staff, consultants, partners and offshore personnel. The latter is particularly notable, since 52 percent of the companies outsourced application testing, and 49 percent of those respondents shared live data with the outsourced organization.

“For many organizations, large customer data files represent an easy, cheap source of data to use when testing applications, but this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved,” said Dr. Larry Ponemon, chairman of the Ponemon Institute, in a statement.

According to the study:

  • Half, 50 percent, had no way of knowing if the data used in testing had been compromised.

  • Forty-one percent of respondents do not protect live data used in software development.

  • More than a third (38 percent) of respondents were unsure if live data their organization used for testing or development had been lost or stolen.

The survey, commissioned by Compuware, was conducted between July 2007 and August 2007, based on the responses of 897 IT professionals with an average of ten years experience.