First secure coding assessment and certification exams for programmers
A coalition of major technology users and vendors, organized by the SANS Institute, announced the first skills assessment and certification examinations for programming professionals to test their secure coding skills, find the gaps, and, if they choose, gain GIAC Secure Software Programmer (GSSP) status. The four examinations each cover a specific programming language suite: (1) C/C++, (2) Java/J2EE, (3) Perl/PHP, (4) .NET/ASP, and are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities. The exams will be administered in August in Washington DC on a pilot basis, and then will roll out worldwide through the remainder of 2007.
The four secure programming examinations provide a focused approach for programming professionals who want to identify the gaps in their secure coding skills and knowledge. They also allow employers of those programmers to differentiate their organizations and help increase their competitive advantage by employing programming professionals who have successfully demonstrated their technical secure programming skills through certification.
How the Certification and Assessments Exams Will Be Offered
The examinations will be offered through three mechanisms beginning with a Washington, DC pilot test in the summer and a global rollout later in 2007. Each mechanism uses different questions:
1. Any candidate seeking certification may sit for the certification exams at testing sites around the world (generally at colleges or universities) on specific dates three times a year.
2. Secure Programming Enterprise Partners (companies and government agencies with large numbers of programmers, committed to improving the security skills of those programmers) will have access to enterprise versions of the exams they can use any time for employees or candidates or consultants.
3. Any programmer who wants to take a self assessment version of the exams to know where he or she stands may do so, online at any time, and learn about their level of mastery and gaps in their knowledge.