https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844222#M408 <P>If you think SAS can help you on SAST, then by all means contact them via Tech Support or your account manager. In my experience, the Information Security staff I work with are the ones conducting SAST tests and are most familiar with our IT environment so they are the ones I would start out consulting with.&nbsp;</P> Mon, 14 Nov 2022 22:17:56 GMT SASKiwi 2022-11-14T22:17:56Z https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/843721#M403 <P>Hi,</P> <P>&nbsp;</P> <P>Currently reviewing Open Source and Enterprise toolsets for SAST.&nbsp; I noted that on a SAS White Paper (<A href="https://www.sas.com/content/dam/SAS/en_us/doc/whitepaper1/sas-software-security-framework-107607.pdf" target="_blank">https://www.sas.com/content/dam/SAS/en_us/doc/whitepaper1/sas-software-security-framework-107607.pdf</A>) that SAS uses various Security Frameworks using&nbsp;Open Source and Enterprise toolsets.&nbsp; I would like to know which ones are utilised by SAS, as would like to assess their capabilities for the SAST Software review that I am doing to cover off the SAS Grid Platform and Redshift Clusters that we utilise for our analytics and data warehouse.</P> <P>&nbsp;</P> <P>Many thanks</P> <P>&nbsp;</P> <P>G</P> Fri, 11 Nov 2022 05:11:51 GMT https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/843721#M403 gra_in_aus 2022-11-11T05:11:51Z https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/843735#M404 <P>I don't think this is general knowledge.</P> <P>If you wish to have insight in SAS Institute processes, you should you SAS sales represenatative, or a TAM if you've been appointed one.</P> Fri, 11 Nov 2022 10:12:54 GMT https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/843735#M404 LinusH 2022-11-11T10:12:54Z https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/843871#M405 <P>What SAST tools are currently used in your organisation? Your IT Security staff should be able to advise. Why not just follow their guidance? I doubt the SAST tool requirements for your organisation would align withj SAS's so I see limited value in asking them about this.&nbsp; &nbsp;</P> Fri, 11 Nov 2022 22:19:01 GMT https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/843871#M405 SASKiwi 2022-11-11T22:19:01Z https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844212#M406 Can't see why there would be a problem disclosing the open-source SAST that is used. How different is SAS announcing that they use cloud academy? or any other vendors advertise that SAS is a customer of theirs?<BR /><BR />I just information to see what SAST tools to cover off SAS and Redshift applications created by users of the servers.<BR /> Mon, 14 Nov 2022 21:28:36 GMT https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844212#M406 gra_in_aus 2022-11-14T21:28:36Z https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844213#M407 Can't see why there would be a problem disclosing the open-source SAST that is used. How different is SAS announcing that they use cloud academy? or any other vendors advertise that SAS is a customer of theirs?<BR /><BR />I just information to see what SAST tools to cover off SAS and Redshift applications created by users of the servers. Mon, 14 Nov 2022 21:28:42 GMT https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844213#M407 gra_in_aus 2022-11-14T21:28:42Z https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844222#M408 <P>If you think SAS can help you on SAST, then by all means contact them via Tech Support or your account manager. In my experience, the Information Security staff I work with are the ones conducting SAST tests and are most familiar with our IT environment so they are the ones I would start out consulting with.&nbsp;</P> Mon, 14 Nov 2022 22:17:56 GMT https://communities.sas.com/t5/Architecture/SAST-for-SAS/m-p/844222#M408 SASKiwi 2022-11-14T22:17:56Z