A new report has found that 62 percent of companies use real rather than disguised customer data during the application development and testing process.

This includes employee, vendor and customer records, and credit card and Social Security numbers, says the Ponemon Institute report. This data often isn't protected in a non-production environment. Thus it could be vulnerable to unauthorised sources including in-house testing staff, consultants, partners and offshore personnel.

The latter is particularly notable, since 52 percent of the companies outsourced application testing, and 49 percent of those respondents shared live data with the outsourced organisation.

"For many organisations, large customer data files represent an easy, cheap source of data to use when testing applications, but this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved," said Dr. Larry Ponemon, chairman of the Ponemon Institute, in a statement.

According to the study:

o Half, 50 percent, had no way of knowing if the data used in testing had been compromised.
o Forty-one percent of respondents do not protect live data used in software development.
o More than a third (38 percent) of respondents were unsure if live data their organisation used for testing or development had been lost or stolen.

The survey, commissioned by Compuware, was conducted between July 2007 and August 2007, based on the responses of 897 IT professionals with an average of ten years experience.