Survey on Application Security Programs and Practices

by Jim Bird, Frank Kim
Sept. 1, 2017 0 comments SANS Institute application and database security securing code

This is the SANS Institute’s second survey on application security programs and practices. In this year’s survey, we wanted to uncover answers to the following questions: • How widespread are application security programs, and how mature are the programs that are in place today? • How effective are these programs? • What practices and tools are organizations relying on the most today, and what are they finding the most useful? • How is secure coding training for developers being done, and how effective is this training? • How are people justifying spending on Appsec, and where are they spending most of their efforts? Does this spending align with organizational risk? • What will the future of Appsec look like? Are organizations planning to invest more in Appsec? And what programs or technologies are on their future roadmaps?