Secure Coding mailing list archives
What defines an InfoSec Professional?
From: secureCoding2dave at davearonson.com (SC-L Subscriber Dave Aronson)
Date: Fri, 09 Mar 2007 14:50:36 +0000
James.McGovern at thehartford.com writes:

> certifications such as CISSP whereby the exams that prove you are a security professional talk all about physical security and network security but really don't address software development in any meaningful way.

Perhaps what is needed is a separate certification. It would be nice to know that someone knows how to write software in a secure manner, but it's not necessary that they know all about physical security, firewall rules, etc. It could even be done at multiple levels, like Sun's Java certs, to certify knowledge of secure design principles vs. secure *implementation* principles, maybe even going onward to principles of building security into the process. Something like, say, Certified Secure Programmer, Coder, and Software Engineer, respectively.

> Would be intriguing for folks here that blog to discuss ways

...in their blogs? <rant size="micro">That's not discussion, that's pontificating. It also detracts from discussion, by fracturing it.</rant> Discussion is what we're having *here*, so whether someone blogs is irrelevant.

-Dave