29. Crowd Sourced Current Solutions Inadequate
Internal Teams Developers
Dev Site A Dev Site B
Security Consultants
• Very expensive
• In short supply
iPhone • Time to results too long
Dev Site C Apps
Crowd
Internal Sourcing Tools
• Do not scale across sites
Open 3rd Party • Very high noise ratio
Source Open Software Software Vendors • Can not test 3rd party code
Source SYMC MSFT • Separation of duties issue
Outsourced
Developers
Offshore • Do not know how to write
Oracle secure code
Provider
• Prioritize time-to-ship,
functionality over security
Processes
• Difficult to implement
Eastern China • Years to fine tune
Europe India • Low adoption (< 1% of US
Contractors companies CMMI Level 5
certified)
Unknown
Skills