New software programmer exams for application security certification

The SANS Institute has announced the launch of the first GIAC Secure Software Programmer (GSSP) exams. The inaugural exams covering C and Java/Java EE will be held August 14, 2007, in Washington, D.C.

Several initiatives are underway to improve secure programming skills and knowledge. Symantec, Oracle, Microsoft, and a few other software companies are conducting short courses for their programmers; software firms like SPI Dynamics and Fortify Technology are working with universities to provide automated, real-time feedback to student programmers; and dozens of universities are creating elective courses on secure programming. Yet, even if all of those initiatives are successful, they are unlikely to measurably affect the existing 1.5 million programmers already in the work force or those who will be entering the work force over the next five years.

“The lack of trustworthy standards and certifications has been a challenge for software buyers and software developers,” said Hartmut Raffler, head of Technology Division Information and Communication at Siemens Corporate Technology. “Secure programming skills are essential for building software that can be trusted. SANS’ willingness to offer this exam as part of a comprehensive secure coding improvement strategy is exciting and will help both buyers and sellers of software.”

Visit http://www.sans.org/info/10506 for more information on the C and Java certifications and exams coming up in August.