Almost three quarters (73%) of IT professionals admit that their software is still vulnerable to hackers – just 8% down on last year's revelation.
That's chief among findings by application security specialist Fortify Software – which also finds 46% believing that hacking at the application level is the easiest way into any company today.
That is significant – Fortify makes the point that it's 33% up on last year and in line with research that demonstrates significant growth in hacks targeted at applications.
What's more, Fortify finds one third of IT pros thinking that buying external applications poses a greater security threat than writing them in house.
That said, 35% don't consider checking externally procured applications for flaws or vulnerabilities – although 55% say they're now worried because it wasn't made a priority for developers. A further 21% were disturbed because it is at the bottom of everyone's mind.
Fortify senior vice president products and technologies Barmak Meftah says: "Although pleased by a reduction in respondents who admit their software applications are vulnerable to attack, 8% simply isn't good enough. Today, such an informed audience shouldn't be citing security concerns as bottom of anyone's mind, or worse, not considered a priority.
"Businesses really should be looking to alleviate the security risks in their applications and achieve software security assurance so that they don't have to face the expense and embarrassment of being hacked."