46. Strong motivations for implementing application security
Drivers for AppSec Programs Response Percent
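Compliance, internal audits, and candid findings from investigation reports 71.5%
Risk-based awareness of the financial damage from a breach 69.6%
Presenting it to customers as an appealing "expected quality" 39.9%
Findings from security incidents 36.7%
Comparisons of industry budgets, ROI, and TCO 33.5%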
Couching security as a direct “enablement” for new applications 30.4%
Other 1.3%
Source: SANS Institute (2015)
About one hundred years ago, the “unsinkable” Titanic foundered after striking an iceberg
off the coast of Newfoundland.
More than 1,500 people died in what became one of the deadliest maritime accidents ever.
Several factors contributed to this massive death toll,
but perhaps the most critical was that there simply weren’t enough lifeboats.
The ship carried 2,224 people, but fewer than half of them could squeeze into the boats.
As we know, passengers who didn’t get a spot in one of those lifeboats quickly died
in the freezing waters of the North Atlantic.
What’s less well known is that the Titanic’s supply of lifeboats was in full compliance
with the British marine regulations in force at the time.
The law required the ship to carry 16 lifeboats; the Titanic actually had 20 lifeboats.
The ship’s owners did a good job of providing enough boats to address the regulatory
risk of noncompliance. Unfortunately, meeting regulatory requirements did little to
prevent the tragic loss of life.
This is a case of misperception of risk.