Region: Government      Corporate
You are not logged in    Login
IDS Emergencymanagement
  The Information Resource for the Emergency Management Industry!
Browse Emergency Products & Suppliers By Category
Browse Emergency Whitepapers By Sector
Browse Emergency Management Events By Category
Participation Options
Free Listing
Interested In Exhibiting?
Submit Events
About IDS Emergency
Submit News
Emergency Management Newsletter
Press ReleaseClick Here to view Press Releases
ISC2 Scheme to Nurture Security Skills
News Source
computing.co.uk
September 25, 2008
Click HereView Participation Packages
Click Here
Add paper

CSSLP programme is designed to improve the credentials of software developers

Security training provider ISC2 will today launch a new certification programme designed to improve the security credentials of software developers and ultimately raise the standard of applications.

The Certified Secure Software Lifecycle Professional (CSSLP) programme is open to security professionals who can demonstrate four years of professional experience in the software lifecycle process or three years of experience and an IT degree.

“Despite hype in the press about data disclosures, according to Gartner about 80 per cent of breaches are actually caused by badly implemented or insecure software,” said ISC2’s European managing director John Colley. “Attacks are now hitting the application and end-user. The security industry is realising that while it’s important to have good policies and processes, if the software has holes in it you’re on a hiding to nothing.”

From this month until March next year, ISC2 will run an “experience assessment process”, which will help to develop an exam question base. Subject areas covered in the process will be software concepts, requirements, design, implementation and coding, testing and deployment. The first exams will then follow in June 2009.

The organisation expects the certification in time to be as widespread and influential as its CISSP qualification, with senior management using it as part of their criteria to judge new recruits in software development, said Colley.

Graham Titterington of analyst firm Ovum welcomed the standard.

“I tend to be sceptical about this type of thing but I feel quite supportive of this one, because they’ve recognised an area not covered in the traditional academic curriculum,” he said. “There’s a lot more interest from the vendor side to improve secure software development too, so it’s also timely to address this sort of thing.”

Nigel Jones, director of the government-backed Cyber-Security Knowledge Transfer Network, said that commercial pressures and a developer culture focusing too heavily on functionality rather than security had led to poor software development.

“I hope the initiative will generate a body of knowledge that will be shared, because this area needs to be looked at,” he said. “Some companies have developed their own lifecycle models but there is not a universal view on this.”
Other News
CDERA Hosts Third Caribbean Conference on Comprehensive Disaster Management
OAO Technology Solutions, Inc. Features Enterprise IT Solutions at itSMF UK 2008
Asia Puts offs Bank Privatisation to Fight Crisis
DBFS Signs Agreement to Cover Carbon Emission Drive
Asbestos Still a Persistent Problem in South Africa
More news
 

Industry IDS, Inc.
DELEGATES
13529
Conference Sectors  Case Studies  List of Papers  Exhibition Sectors  Vendor Presentation  List of Exhibitors  Industry News  Sponsors  All Exhibitors  All Papers  Sitemap  Registration Links ]

 :: IDS Plastics :: IDS Water ::IDS Packaging::IDS Publishing/Media ::IDS Healthcare Management ::IDS Environment::IDS Power/Energy::  

Industry IDS, Inc. – Online Tradeshow, Exhibition, & Buyers Guide Solutions