Secure Coding mailing list archives
Darkreading: Secure Coding Certification
From: Greg.Beeley at LightSys.org (Greg Beeley)
Date: Mon, 14 May 2007 11:35:19 -0400
1. ONLY consultants and vendors have jumped on the bandwagon. Other IT professionals such as those who work in large enterprises have no motivation to pursue.
2. The target price for the exams will be an impediment as many folks who can't get reimbursed for taking them will not bother.
Agreed. There might be some value to a software development outsourcing company, but that will limit coverage. I definitely know that the pricing issue would prevent me from taking the exam, but I'm in nonprofit/charity work; I am not representative of most of the industry....
3. It needs to be more language agnostic. Folks who code in Smalltalk, Ruby or scripting languages should not be treated as second-class citizens.
Agreed in concept to the "no second-class citizens" idea. But I think the test needs to have a language-specific element to it. Every language and environment has unique pitfalls and security considerations. A developer who knows to avoid memory management, buffer, and integer issues in C may have no clue about nul-poisoning in a web scripting language's counted (as opposed to zero-terminated) strings.
4. I would not measure "experience" but desire to pursue knowledge. Experience over time can get static. How many of us know a COBOL programmer who has had one year of experience twenty times?
To me, the "experience" qualification isn't so much "how many years of coding", but how much has the person actually practiced "secure coding"? An experienced secure coder is much more able to recognize, at a glance, issues in the code and in the design, as compared to someone who has been recently trained at a secure coding "boot camp". But I do agree with you that experience in terms of time is a somewhat rough metric.

Greg.
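An added illustration of the counted-string versus zero-terminated mismatch mentioned in the message above; it is not part of the original post. Python stands in for the scripting language, and the file names, the suffix allow-list and all function names are constructed for this example.

```python
import ctypes

# Assumed policy for this example: only image uploads are accepted.
ALLOWED_SUFFIXES = (".jpg", ".png")


def as_c_string(name: str) -> str:
    """Return what a NUL-terminated consumer sees: bytes up to the first 0x00."""
    raw = name.encode("utf-8")
    # .value on a ctypes buffer stops at the first NUL, as C string functions do.
    return ctypes.create_string_buffer(raw).value.decode("utf-8")


def naive_check(name: str) -> bool:
    """Counted-string check: inspects the end of the whole string, NUL included."""
    return name.lower().endswith(ALLOWED_SUFFIXES)


def hardened_check(name: str) -> bool:
    """Reject embedded NUL first, so both layers agree on what the name is."""
    if "\x00" in name:
        return False
    return name.lower().endswith(ALLOWED_SUFFIXES)


def audit(name: str) -> dict:
    """Compare both checks with the name a C-level API would act on."""
    c_view = as_c_string(name)
    return {
        "naive": naive_check(name),
        "hardened": hardened_check(name),
        "c_view": c_view,
        "layers_disagree": c_view != name,
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("photo.jpg", "notes.cgi\x00.jpg", "notes.cgi"):
        print(repr(sample), audit(sample))
```

The second sample passes the naive suffix check while a zero-terminated consumer would act on `notes.cgi`; the hardened check refuses it because the two layers would disagree about the name.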