Security Pros Offered New CSSLP Qualification

United Kingdom-based (ISC)2 is going to start offering a security qualification known as the CSSLP to software developers to certify their competence in the area of security design.

In an article on the Techworld website, John E. Dunn says the certification, technically known as the Certified Secure Software Lifecycle Professional (CSSLP), is designed to benefit both the professionals who take the $599 examination, and the companies who hire them. Anyone passing the test will have to prove a high degree of competence across any programming language in understanding how to integrate good security practice into the software development lifecycle.

Areas of knowledge will include “the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance,” Dunn says. Applicants will need to have at least four years of professional experience or three years experience and an IT university degree before being able to sit the CSSLP.

“All too often, security is bolted on at the end of the software lifecycle as a response to a threat or after an exposure,” recently-hired (ISC)2 board member and Information Security Forum (ISF) president Howard Schmidt told Dunn. “The time to act is now, because new applications that lack basic security controls are being developed every day, and thousands of existing vulnerabilities are being ignored.”

To read the full article, click here: http://www.techworld.com/security/news/index.cfm?newsID=104781&pagtype=all