(ISC)² has launched a new certification program, the Certified Secure Software Lifecycle Professional (CSSLP), at www.isc2.org/csslp. The CSSLP is designed to validate secure software development practices and expertise and to address the growing number of application vulnerabilities.
Because it is programming-language neutral, it applies to anyone involved in the Systems Development Life Cycle (SDLC), including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.
The following domains make up the CSSLP Common Body of Knowledge:
Secure Software Concepts - security implications in software development
Secure Software Requirements - capturing security requirements in the requirements gathering phase
Secure Software Design - translating security requirements into application design elements
Secure Software Implementation / Coding - developing secure code and exploit mitigations
Secure Software Testing - testing for security functionality and resiliency to attack
Software Acceptance - security implications in the software acceptance phase
Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software
The CSSLP certification program joins a number of other existing certification programs:
IEEE:
Certified Software Development Associate (CSDA) and Certified Software Development Professional (CSDP) http://www.computer.org/certification
SANS:
GIAC Secure Software Programmer (GSSP) Certification (Language specific/secure coding, presently Java and C) http://www.sans.org/gssp/
ISSECO:
International Secure Software Engineering Council CSSE Certified Professional for Secure Software Engineering http://www.isseco.org/
When certified professionals are part of an SDLC program that incorporates secure processes and policies, significant progress is made in achieving software assurance.