(ISC)2 announced that over 1,000 professionals from 44 countries now hold its Certified Secure Software Lifecycle Professional (CSSLP) certification.
Application vulnerabilities ranked as the number one threat, according to 72 percent of over 10,000 information security professionals who responded to the 2011 (ISC)2 Global Information Security Workforce Study (GISWS).
The CSSLP is the only code-language neutral certification that validates that professionals are qualified and capable of incorporating security into each phase of the software development lifecycle. This skill set is critical in curbing threats at the application layer – where most attackers are now focusing their efforts in order to steal organizations’ data.
Individuals holding the CSSLP certification are professionals with at least four years of industry experience and a thorough understanding of how to:
- Break the penetrate-and-patch testing approach
- Reduce production costs, vulnerabilities and delivery delays
- Reduce loss of revenue and reputation due to a breach resulting from insecure software
- Ensure compliance with government or industry regulations
“The CSSLP certification was introduced three years ago to build a qualified workforce of software security professionals that can address the number one threat vector today: application security threats,” said Cassio Goldschmidt, CSSLP, senior manager, product security at Symantec and SAFECode member. “CSSLP certification ensures that our team understands how to include security throughout the development lifecycle, from conception to design, development and maintenance through disposal. Developing secure software is critical to defending against so many of today’s security threats.”
(ISC)2 executive director Hord Tipton added, “Professionals across the world are lining up to validate their skills in secure software lifecycle development. This is proof of the growing need to overcome application vulnerabilities. The data from our 2011 GISWS shows an industry that is insecure and in need of investment, education and a change of habit. Through the CSSLP, we are preparing everyone involved in the software development lifecycle with an understanding of and appreciation for security fundamentals so that we can eliminate software as attackers’ favourite port of entry.”
The CSSLP, which is accredited under ISO/IEC Standard 17024, aims to stem the proliferation of software vulnerabilities by establishing best practices and validating an individual’s competency in securing the software lifecycle.