Sixty two percent of companies use real rather than disguised customer data during the application development and testing process.

This includes employee, vendor and customer records, and credit card and Social Security numbers, says a survey of US IT managers from the Ponemon Institute. This data often isn't protected in a non-production environment. Thus it could be vulnerable to unauthorised sources including in-house testing staff, consultants, partners and offshore personnel.

Fifty two percent of the companies outsourced application testing, and 49 percent of those respondents shared live data with the outsourced organisation.

According to the study:

o 50 percent had no way of knowing if the data used in testing had been compromised.
o Forty-one percent of respondents do not protect live data used in software development.
o More than a third (38 percent) of respondents were unsure if live data their organisation used for testing or development had been lost or stolen.

The survey was conducted in August 2007, based on the responses of 897 IT professionals with an average of ten years experience.