Packaged apps are full of hackable bugs, security specialists believe
Survey shows lack of white hat faith in commercial software
IT security professionals are hacking into their own systems because they believe packaged applications are riddled with vulnerable bugs, according to a recent survey from a security firm.
Nearly one in three (31 per cent) of the respondents to Fortify Software's survey admitted their organisation had been hacked in the past, and a similar number said they didn't know if it had.
The vast majority (83 per cent) said they thought off-the-shelf software was buggy and insecure, and more than half (56 per cent) said that it was vulnerable to hackers. Consequently, many are hacking into their own systems to test the defences they have built.
A small number (three per cent) confessed to attacking competitors' systems too.
The best way to check that applications are secure is to combine all available solutions, including code and static analysis, web application firewalls, application scanners and pen testing, said 57 per cent of the group. Five per cent admitted that their organisations didn’t employ technology for software security.
Of those who admitted to previous hacking experience, 29 per cent learned to hack at work; 26 per cent on the internet; 13 per cent at university; and eight per cent at school. A further eight per cent used friends to help them hone their talent.
The survey was conducted among 300 security specialists in companies with more than 1,000 employees.