The movement to create secure software received a boost with the launch of a new certification from (ISC)2, called the Certified Secure Software Lifecycle Professional, designed to validate secure software development practices.The certification, called the Certified Secure Software Lifecycle Professional (CSSLP), is designed to validate secure software development practices and build expertise to address the increasing number of application vulnerabilities.
The certification program takes a holistic approach to software security. It is code-language neutral, and applicable to anyone involved in software lifecycles. It's designed to ensure that software developers can prove they can write secure code and eliminate code vulnerable to hacker attacks.
In a statement, Howard A. Schmidt, president of the Information Security Forum, said, "All too often, security is bolted on at the end of the software lifecycle as a response to a threat or after an exposure.
New applications that lack basic security controls are being developed every day, and thousands of existing vulnerabilities are being ignored."
W. Hord Tipton, executive director for (ISC)
2, added, "The CSSLP will be a key component in better critical infrastructure protection, reducing the risk of software malpractice suits and enabling stricter adherence to industry and government regulations."
Subject areas covered by the CSSLP exam include the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance.
The seven domains of the CSSLP compendium of secure software topics are:
- Secure Software Concepts
- Secure Software Requirements
- Secure Software Design
- Secure Software Implementation/Coding
- Secure Software Testing
- Software Acceptance
- Software Deployment, Operations, Maintenance and Disposal
The first CSSLP exam is scheduled for the end of June in 2009.
See original article on scmagazineus.com