US introduces certification for developers

With web applications - and their security risks - becoming more ubiquitous by the day, the SANS Institute has launched its first-ever certification program for code developers.

Announced today at a meeting of federal CIOs and CISOs in Washington, D.C., the initiative will consist of four exams to test four programming language suites: C/C++, Java/JSP, Perl/PHP and .NET/ASP.

"It’s the first time we’ve ever offered a certification where we don’t have a course," said Alan Paller, director of research for the SANS Institute. "There are a million and a half people who need to get up to speed quickly."

Michael Sutton, security evangelist for SPI Dynamics, which has partnered with SANS on the undertaking, said security is an integral part of the entire software-development lifecycle.

But developers have received little security training.

"Historically, we’ve incentivised our developers on features and functionality and to get the application out on time," he said. "As a developer, why would I care about security? You told me my bonus payment relies on these things – and security wasn’t mentioned."

In all other instances, SANS first creates curriculum and classes to instruct professionals, who then take an exam to validate their skill levels and earn the appropriate credential.

In the case of secure software and application development, SANS officials worried there would be too many people to train, Paller said. That is why SANS officials hope the new tests catch on in the enterprise and encourage colleges to include secure coding practices in their curriculum.

"We did this as an incentive to put this in their required courses," he said.

So SANS tapped a number of security experts to collaborate and create the 90-question exams, which organizations can use to hire the most skilled personnel, Paller said.

"Everyone who deploys a web application, they want to make sure the people who wrote it know what they’re doing," he said.

The tests will be released in the fall.

SANS and SPI Dynamics also announced today a 40-city workshop tour – unrelated to the exams – to teach web application developers how to write more secure code.

"I think they’re (developers) anxious to learn," Sutton said.