Secure Coding mailing list archives
Darkreading: Secure Coding Certification
From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 14 May 2007 13:14:56 -0400 (EDT)
On Fri, 11 May 2007, Gary McGraw wrote:
> What do you think? Can we test someone's software security knowledge with a multiple choice test? Anybody seen the body of knowledge behind the test?
I've participated heavily in the development of the test by contributing questions, giving guidance on subject areas, and identifying some of the language-independent, general knowledge categories. While multiple choice isn't perfect, SANS is consulting with a professional organization that has experience in making multiple choice certification-related tests for a variety of industries. They have given us extensive guidance on how to write solid questions. There are multiple checks and balances along the way to improve the quality of the questions. The "blueprints" as provided on the site give guidance to what kinds of questions are asked in the first place.
Essay answers or program analysis projects might be able to give a more well-rounded understanding of what a developer does, but that would be subject to too much variation by the people evaluating the test results, not to mention being quite untenable on the scale that this effort is likely to reach.
People will try to force this initial exam into being something much more comprehensive and authoritative than it's intended to be, and there might be some bumps along the way, but - how can the industry afford NOT to try to test secure development skills? This is the first step of many.
- Steve