(ISC)2 Offers New Software Security Credential
The (ISC)2 has announced it will offer a new security qualification known as the CSSLP to software developers to certify their competence in the area of security design. The certification, officially known as the Certified Secure Software Lifecycle Professional (CSSLP), is designed to benefit both the professionals who take the $599 examination and the companies who hire them. To pass the test, candidates will have to prove, regardless of programming language, a high degree of competence in integrating good security practice into the software development lifecycle.
The following domains make up the CSSLP common body of knowledge (CBK):
- Secure Software Concepts – security implications in software development
- Secure Software Requirements – capturing security requirements in the requirements gathering phase
- Secure Software Design – translating security requirements into application design elements
- Secure Software Implementation/Coding – testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
- Secure Software Testing – testing for security functionality and resiliency to attack
- Software Acceptance – security implications in the software acceptance phase
- Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software
According to the (ISC)2, it’s no secret that security is not being addressed from a holistic perspective throughout the software lifecycle. Some 80% of all security breaches are application related, equating to more than 226 million records being disclosed and fines reaching astronomical amounts. Since everybody who’s part of the software development lifecycle (SDLC) needs to understand security, everybody with at least four years of experience in the SDLC needs the CSSLP, including software developers, engineers and architects, project managers, software QA, QA testers, business analysts and the professionals who manage these stakeholders.

