Secure Coding mailing list archives

Darkreading: Secure Coding Certification


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Mon, 14 May 2007 09:55:07 -0400

Gary, I think this test will miss for other reasons including but not limited to:

1. ONLY consultants and vendors have jumped on the bandwagon. Other IT professionals such as those who work in large enterprises have no motivation to pursue.

2. The target price for the exams will be an impediment as many folks who can't get reimbursed for taking them will not bother.

3. It needs to be more language agnostic. Folks who code in Smalltalk, Ruby or scripting languages should not be treated as second-class citizens.

4. I would not measure "experience" but desire to pursue knowledge. Experience over time can get static. How many of us know a COBOL programmer who has had one year of experience twenty times?

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Gary McGraw
Sent: Friday, May 11, 2007 11:18 AM
To: SC-L at securecoding.org
Subject: [SC-L] Darkreading: Secure Coding Certification


Hi all,

As readers of the list know, SANS recently announced a certification scheme for secure programming.  Many vendors and 
consultants jumped on the bandwagon.  I'm not so sure the bandwagon is going anywhere.  I explain why in my latest 
darkreading column:

http://www.darkreading.com/document.asp?doc_id=123606

What do you think?  Can we test someone's software security knowledge with a multiple choice test?  Anybody seen the 
body of knowledge behind the test?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________





