Sixty-two percent of companies surveyed by the Ponemon Institute report that during the application development and testing process, they use real customer data—including employee, vendor and customer records, and credit card and Social Security numbers—instead of disguised data to test applications.
MORE ON SOFTWARE QUALITY
An Introduction to the Murky Science of Web Application Security
The Importance of Automated Software Testing
11 Ways to Improve Software Testing
Quality Doesn’t Just Happen
That data often isn’t protected in a non-production environment, according to the report. Thus iit could be vulnerable to unauthorized sources including in-house testing staff, consultants, partners and offshore personnel. The latter is particularly notable, since 52 percent of the companies outsourced application testing, and 49 percent of those respondents shared live data with the outsourced organization.
“For many organizations, large customer data files represent an easy, cheap source of data to use when testing applications, but this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved,” said Dr. Larry Ponemon, chairman of the Ponemon Institute, in a statement.
According to the study:
Half, 50 percent, had no way of knowing if the data used in testing had been compromised.
Forty-one percent of respondents do not protect live data used in software development.
More than a third (38 percent) of respondents were unsure if live data their organization used for testing or development had been lost or stolen.
The survey, commissioned by Compuware, was conducted between July 2007 and August 2007, based on the responses of 897 IT professionals with an average of ten years experience.