Businesses hold third-party software to lower standards
There is a widening gap between the quality standards that businesses apply to the software they develop in-house and the software they get from other providers. Seventy percent of companies conduct security or risk assessments on their own code, while just 35 percent conduct those assessments for third-party software, according to a report from Forrester Research.
The study, "Software Integrity Risk Report," found that the discrepancy in quality controls can result in a higher risk of code defects. It also found "a skewed risk-to-responsibility culture forming between companies and third-party developers," reports Dave Rosenberg at CNET.
Nearly half the time, the buyer is considered entirely responsible for the quality and security problems in third-party software, according to the report. In just 10 percent of cases, the supplier is held entirely responsible.
The problem for businesses is that consumers tend to blame the product when its software fails, regardless of whether the code was developed in-house or by a third-party supplier, said Dave Peterson, CMO of Coverity, a software analyst firm that commissioned the Forrester report. To minimize the potential for damage to reputation, companies should apply the same quality and security standards to outside code suppliers as to internal developers, he recommends.
- see Dave Rosenberg's article at CNET