New secure software development credential from (ISC)2

(ISC)2 opened registration for classes and exams for its Certified Secure Software Lifecycle Professional (CSSLPCM). With the first classes beginning this month, the CSSLP CBK Review Seminars will be available from (ISC)2 education affiliates in five EMEA countries: Germany, United Kingdom, Egypt, Poland and Italy.

The CSSLP aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual’s competency in addressing security issues throughout the software lifecycle (SLC). Code-language neutral, it will be applicable to anyone involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.

To be eligible for the certification, CSSLP candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor’s degree (or regional equivalent) in an IT discipline.

The CSSLP CBK, a compendium of software development topics, covers seven domains:

• Secure Software Concepts – security implications in software development
• Secure Software Requirements – capturing security requirements in the requirements gathering phase
• Secure Software Design – translating security requirements into application design elements
• Secure Software Implementation/Coding – unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
• Secure Software Testing – integrated QA testing for security functionality and resiliency to attack
• Software Acceptance – security implication in the software acceptance phase
• Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software.

A six-month experience assessment process, which closed March 31, 2009, attracted nearly 1,000 applicants from 50 countries, 446 of which have earned the CSSLP to date. The first open exams will be offered beginning June 30, 2009 and will be administered at any location around the world where (ISC)2 offers exams.

The exam and Review Seminar materials were created by secure software professionals who met experience and other requirements to contribute to the exam development process and other programme development tasks. With the first programme scheduled April 13-17, Education affiliate Firebrand Training is offering on-site CSSLP CBK Review Seminars and exams every month through October in Germany and the United Kingdom.