(ISC)2 launches security certification to reduce application vulnerabilities

News by Dan Raywood

(ISC)2 is to launch a new certification to address application vulnerabilities.


The Certified Secure Software Lifecycle Professional (CSSLP) aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes.


Code-language neutral, it will be applicable to anyone involved in the software lifecycle, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.


Subject areas covered by the CSSLP exam will include the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance. Candidates must demonstrate four years of professional experience in the software lifecycle process or three years of experience and a bachelor's degree (or regional equivalent) in an IT discipline.


John Colley, CISSP, (ISC)2 managing director EMEA, said: “Unsecured software is not only a danger to the enterprise, it can cause higher production costs and delays for the software developer, and require additional staff for the end-user as well.


“The CSSLP will be a key component in better critical infrastructure protection, reduced risk of software malpractice suits and stricter adherence to industry and government regulations. The CSSLP ensures that our first line of defence in this war – people – have the tools and knowledge to implement and enforce security throughout the software lifecycle.


“We are certifying individuals to make sure that they understand what they are doing. We have done market research and now at the end of the month we are offering a certificate that is based on experience. We are using subject matter experts rather than preaching ourselves as they know what the requirements and challenges are for the people running these applications.


“The programme will run for six months until the middle of March and we will hold the first exam at the end of June with registration opening in February 2009; educational seminars will be held in due course. Though we suspect some people may be able to get the certificate without sitting an exam.”


Wes Higaki, director, software assurance, Office of the CTO at Symantec, said: “Today's emerging threats include several security risks which exploit the flaws and limitations of the application code for many technology products and services that businesses and individuals have come to rely on in their day-to-day lives. We applaud (ISC)²'s effort in developing a new professional credential aimed at software security. Earning the CSSLP certification is the first step in ensuring that personnel are aptly qualified and will help address the ever-growing need for secure software.”

