AppSec Blog

Survey on Application Security Programs - Webcast and Paper

For the second year in a row, Jim Bird and I have helped SANS put together a "Survey on Application Security Programs and Practices". We asked some of the same questions as the previous year, just in a different way. Some interesting trends this year, as taken from the executive summary of the soon-to-be-published paper, include the following:

- There was a significant improvement in the number of organizations implementing application security programs and practices. The percentage of organizations that have an active Appsec program increased from 66% last year to 83% this year, and many of the organizations that do not have a program in place yet are at least following some kind of ad hoc security practices.

- Organizations are testing more frequently. In this year's survey, more than one-third are doing continuous, ongoing security testing of their applications, whereas only 23% indicated doing so in our previous survey.

- Organizations continue to face the same kinds of challenges in getting management buy-in for application security programs. But the leading inhibitor for putting effective Appsec programs in place is now a shortage of application security skills, whereas in last year's survey, the leading inhibitor was management buy-in and funding. In this year's survey, organizations also ranked technical resources to maintain security in production as their fourth most difficult problem.

To find out more please register for our complimentary webcast on Wednesday, February 12 at

If you register for the webcast you'll get an advance copy of the paper that will be published in the SANS Reading Room at

To find out more about Software Security Awareness training for developers please visit SANS Securing the Human at Information about longer developer security training courses is available at
