Main Nav

Hello All,


A few questions related to application vulnerability scanning and management:


·         Do you have a program to ensure that applications are tested for vulnerabilities?

o   Is it embedded in the application QA or release process, or is scanning done once the app is in prod (or both)?

o   Who runs the tests?  (Developers?  QA?  InfoSec personnel?  Other?)

·         What tool do you use for static cost testing?

·         What tool do you use for dynamic code testing?

o   Do you credentialed scans or anonymous only?


This question was cross posted to educause and Ren-Isac.  I will post some de-identified statistical results back to both lists.


Thanks all!
Quinn R Shamblin
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  –  O 617-358-6310  M 617-999-7523



Connect: San Antonio
April 22–24
Register Now

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2015 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.