Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Awareness There, Policies Lacking: Results of a New SANS Survey on Application Security Policies in Enterprises

BETHESDA, Md., Dec. 5, 2012 /PRNewswire-USNewswire/ -- SANS Institute, a trusted and pervasive source of information security training, announces the results of its first Survey on Application Security Policies in Enterprises.

Sponsored by NT OBJECTives, Qualys, WhiteHat Security and Veracode, the survey reveals that awareness of risk is high across most organizations and that some form of policies are in place among 66% of the survey's nearly 700 respondents.

"This indicates that application security has grown out of its infancy and is becoming incorporated into policy," says SANS Analyst executive editor, Deb Radcliff. "The flip side is that there is that only two percent of survey takers have comprehensive, cradle-to-grave management of their applications."

The survey shows that organizations are managing multiple applications, yet 28% of respondents can't determine what applications are under their management.

Policies also vary for organizations that develop their own applications versus those managing commercial applications: Only 23% comprehensively manage development and lifecycle of applications they develop, and only 33% conduct extensive review of commercial applications prior to putting them into production.

Things get hazier when the discussion moves to outsourced or cloud applications, with only 22% relying on extensive testing and validation prior to production.

"Too many organizations are relying on their service providers and software vendors to 'do the right thing' when it comes to application security. This isn't enough," says SANS analyst Jim Bird, who coauthored the report. "They have to start taking more responsibility for securing their own software supply chains—especially bigger organizations with enough buying power to force real change on supplier behavior and accountability."

With regard to responsibility for application security, the survey allowed multiple responses. While most respondents put their C-level and managerial level IT and security professionals in charge of application security (83%) and 35% indicate that their development group is responsible. Another 33% said their risk and compliance managers were responsible. This is not surprising, given that, in another question, more than 40% of respondents selected compliance their top driver for their application security programs.

"Compliance has been a key driver to bring application security to a minimum initial baseline in many organizations," says SANS instructor Frank Kim, who also co-authored the survey report. "Mature processes coupled with skilled application security practitioners will be required to really expand the state of the art."

For full results of the survey, attend a special SANS webcast held at 1 PM EST on December 13. To register for that webcast, follow this link:

www.sans.org/webcasts/survey-application-security-policies-enterprises-95622    

The full report will be released at that time in the SANS Reading Room at www.sans.org/reading_room/analysts_program.

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world. In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. (www.sans.org)

SOURCE SANS Institute

About PR Newswire
Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Cloud Developer Stories
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consul...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection o...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of In...
"Loom is applying artificial intelligence and machine learning into the entire log analysis process, from start to finish and at the end you will get a human touch,” explained Sabo Taylor Diab, Vice President, Marketing at Loom Systems, in this SYS-CON.tv interview at 20th Cloud ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE