Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Awareness There, Policies Lacking: Results of a New SANS Survey on Application Security Policies in Enterprises

BETHESDA, Md., Dec. 5, 2012 /PRNewswire-USNewswire/ -- SANS Institute, a trusted and pervasive source of information security training, announces the results of its first Survey on Application Security Policies in Enterprises.

Sponsored by NT OBJECTives, Qualys, WhiteHat Security and Veracode, the survey reveals that awareness of risk is high across most organizations and that some form of policies are in place among 66% of the survey's nearly 700 respondents.

"This indicates that application security has grown out of its infancy and is becoming incorporated into policy," says SANS Analyst executive editor, Deb Radcliff. "The flip side is that there is that only two percent of survey takers have comprehensive, cradle-to-grave management of their applications."

The survey shows that organizations are managing multiple applications, yet 28% of respondents can't determine what applications are under their management.

Policies also vary for organizations that develop their own applications versus those managing commercial applications: Only 23% comprehensively manage development and lifecycle of applications they develop, and only 33% conduct extensive review of commercial applications prior to putting them into production.

Things get hazier when the discussion moves to outsourced or cloud applications, with only 22% relying on extensive testing and validation prior to production.

"Too many organizations are relying on their service providers and software vendors to 'do the right thing' when it comes to application security. This isn't enough," says SANS analyst Jim Bird, who coauthored the report. "They have to start taking more responsibility for securing their own software supply chains—especially bigger organizations with enough buying power to force real change on supplier behavior and accountability."

With regard to responsibility for application security, the survey allowed multiple responses. While most respondents put their C-level and managerial level IT and security professionals in charge of application security (83%) and 35% indicate that their development group is responsible. Another 33% said their risk and compliance managers were responsible. This is not surprising, given that, in another question, more than 40% of respondents selected compliance their top driver for their application security programs.

"Compliance has been a key driver to bring application security to a minimum initial baseline in many organizations," says SANS instructor Frank Kim, who also co-authored the survey report. "Mature processes coupled with skilled application security practitioners will be required to really expand the state of the art."

For full results of the survey, attend a special SANS webcast held at 1 PM EST on December 13. To register for that webcast, follow this link:

www.sans.org/webcasts/survey-application-security-policies-enterprises-95622    

The full report will be released at that time in the SANS Reading Room at www.sans.org/reading_room/analysts_program.

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world. In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. (www.sans.org)

SOURCE SANS Institute

About PR Newswire
Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Cloud Developer Stories
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the c...
"We help companies that are using a lot of Software as a Service. We help companies manage and gain visibility into what people are using inside the company and decide to secure them or use standards to lock down or to embrace the adoption of SaaS inside the company," explained S...
15th Cloud Expo, which took place Nov. 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA, expanded the conference content of @ThingsExpo, Big Data Expo, and DevOps Summit to include two developer events. IBM held a Bluemix Developer Playground on November 5 and...
Some developers believe that monitoring is a function of the operations team. Some operations teams firmly believe that monitoring the systems they maintain is sufficient to run the business successfully. Most of them are wrong. The complexity of today's applications have gone fa...
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and proce...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE