The report, created in conjunction with privacy management firm the Ponemon Institute, concludes that this practice compromises critical information as these environments are less secure than production environments.
Testing data may be exposed to a variety of unauthorised sources, including in-house staff, consultants, partners and even offshore personnel.
Some 35 per cent of respondents outsourced their application testing, and 38 per cent shared live data with the outsourced organisation.
"For many organisations, large customer data files represent an easy and cheap source of data to use when testing applications," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
"But this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved."
The study points to a need for greater awareness and accountability over how sensitive data is used within organisations.
"Common practices as they relate to all uses of live data must be evaluated to assess risk, and safeguards implemented to ensure data security," said Dr Ponemon.
Of the 58 per cent of companies using actual customer data, 79 per cent use customer files and 68 per cent use customer lists.
Examples of the live data include employee and vendor records, customer account numbers, credit card numbers, Social Security numbers and other credit, debit or payment information.
Furthermore, 43 per cent of respondents admitted to having no way of knowing whether the data used in testing had been compromised, and 17 per cent reported not protecting live data used in software development.
The report also highlighted the confusion surrounding the ownership of sensitive test data.
Some 11 per cent of respondents did not know who was responsible for securing test data, 43 per cent believed that the development organisation is responsible and 14 per cent thought that the business units sponsoring the development were responsible.
Software developers putting data at risk
By
Staff Writers
on Jan 11, 2008 3:19PM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Kaseya Dattocon APAC 2024 is Back
Ingram Micro Ushers in the Age of Ultra
Sponsored Whitepapers
Easing the burden of Microsoft CSP management
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
.png&w=100&c=1&s=0)
