TIER Development Security Practices Survey Question Title * 1. What product are you working on? (choose all that apply) Grouper Comanage Shibboleth InCommon Other (please specify) Question Title * 2. What kind of software development project management protocols are you currently using? (choose all that apply) Agile Waterfall Mixture None Other (please specify) Question Title * 3. Have you taken any training on software development security in the last 2 years? (choose all that apply) N/A SANS Secure The Developer OWASP Other (please specify) Question Title * 4. Please detail any security certifications you currently hold. ISC2 – Please Describe ISACA – Please Describe GIAC – Please Describe Other - Please describe Question Title * 5. Please detail any software development certifications you currently hold Microsoft – Please Describe Amazon Web Services – Please Describe Scrum Alliance – Please Describe Other – Please Describe Question Title * 6. What testing tools do you currently use to pentest your applications? (choose all that apply) N/A OWASP Tools Qualys Acunetix Burp Suite Other (please specify) Question Title * 7. What testing tools do you currently use to perform code reviews of your applications? (choose all that apply) N/A Veracode Fortify Checkmarx Other (please specify) Question Title * 8. What testing tools do you currently use to perform application vulnerability assessments? (choose all that apply) N/A Acunetix Qualys Trustkeeper Other (please specify) Question Title * 9. When was the last time your application was assessed for security? (choose all that apply) Within the last 12 months Within the last 24 months Never Other (please specify) Question Title * 10. If your application has been assessed, what type of assessment was it? (choose all that apply) N/A Security Assessment Risk Assessment Compliance Assessment Other (please specify) Question Title * 11. How can the Security WG help you improve your awareness and execution to ensure security and audit are included in the TIER products and processes? Thank you for your time! Done