Whole lifecycle approach
Application security vulnerabilities arise because of bugs in software, un-intended software behaviour, software defects, so the best strategy is to take a whole lifecycle testing approach from development, pre-release testing, stress testing and continual monitoring.
Application security is just not the same as network or infrastructure security; there is no one black box you can install that will solve all the issues.
Hoffman said he believed that enterprises in the Asia Pacific are in a unique position because many are still developing strategies and can leap-frog the IT security stages faced by more mature economies.
By learning from the experience of more mature economies, the Asia Pacific can adopt and implement IT security protection at a must faster rate, just like how most Chinese people went straight to having mobile phones without having a landline first.
Sign up for CIO Asia eNewsletters.