When I use the "Search application" to find text that appears in the Security Attributes->Database Session->Initialization code, I get two results
1) Attribute: Db Session Init Code (Identifies PL/SQL that is dynamically executed immediately after the user is authenticated and before any application logic is processed. This attribute can assign security policies to restrict access to database tables and views.)
2) Attribute: Vpd (Deprecated. Use column DB_SESSION_INIT_CODE)>
I would only expect one.
Both open the Application Definition attribute instead of Security - which isn't a huge concern, but may be confusing to some.