WASHINGTON -- A coalition of major technology users and vendors, organized by the SANS Institute, today announced the first skills assessment and certification examinations for programming professionals to test their secure coding skills, find the gaps, and, if they choose, gain GIAC Secure Software Programmer (GSSP) status. The four examinations each cover a specific programming language suite: (1) C/C++, (2) Java/J2EE, (3) Perl/PHP, (4) .NET/ASP, and are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities. The exams will be administered in August in Washington DC on a pilot basis, and then will roll out worldwide through the remainder of 2007.
"Organized crime groups have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications, raising the value of secure coding skills. This assessment and certification program will help programmers learn what they dont know, and help organizations identify programmers who have solid security skills," said Alan Paller, director of research at the SANS Institute. "With the right skills, programmers can reduce the risk of losses caused by cyber attacks, and the certification will allow security-aware programmers to stand out in an increasingly competitive marketplace."
The four secure programming examinations provide a focused approach for programming professionals who want to identify the gaps in their secure coding skills and knowledge. They also allow employers of those programmers to differentiate their organizations and help increase their competitive advantage by employing programming professionals who have successfully demonstrated their technical secure programming skills through certification.
The SANS Institute