Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Security pros offered new 'CSSLP' qualification

Pass, fail, retry?

By John Dunn | Techworld | Published: 06:00, 25 September 2008

Software developers are to be offered a new qualification from next year, the CSSLP, designed to certify their competence in the increasingly troubled world of security design.

The Certified Secure Software Lifecycle Professional certification is the work of UK-based (ISC)2, a not-for-profit industry organisation that already manages a range of global security qualifications.

Its creators hope that the CSSLP will benefit both the professionals who take the $599 (£320) examination, and the companies who hire them. Anyone passing the test will have to prove a high degree of competence across any programming language in understanding how to integrate good security practice into the software development lifecycle.

Areas of knowledge will include "the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance." Applicants will need to have at least 4 years of professional experience or three years experience and an IT university degree before being able to sit the CSSLP.

"All too often, security is bolted on at the end of the software lifecycle as a response to a threat or after an exposure," said the recently-hired (ISC)2 board member and Information Security Forum (ISF) president, Howard Schmidt. "The time to act is now, because new applications that lack basic security controls are being developed every day, and thousands of existing vulnerabilities are being ignored."

A number of large software outfits have expressed support for the idea of a specific qualification, not least Microsoft, which recently put its own security SDL methodology into the public domain. Others endorsing it include Symantec, Xerox, and Frost & Sullivan.

The (ISC)2 has certified 62,000 security professionals around the globe in its 19 years of experience. Around 3,000 of these have been in the UK, and managing director John Colley said he was confident that the new qualification would appeal to at least this number of people over a period of time.

Colley expected registration to be complete by February 2009, with the first exam due at the end of June that year. Brush-up courses cost around $2,500, though these are usually paid for by businesses keen to see their security pros match the industry standard.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.