Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Darkreading: Secure Coding Certification

From: yo at secappdev.org (Johan Peeters)
Date: Sat, 12 May 2007 12:11:11 +0200
I agree that multiple choice alone is inadequate to test the true
breadth and depth of someone's security knowledge. Having contributed
a few questions to the SANS pool, I take issue with Gary's article
when it implies that you can pass the GSSP test while clueless.

There is indeed a body of knowledge that is being tested. SANS has
been soliciting comments on the document.

kr,

Yo

On 5/11/07, Gary McGraw <gem at cigital.com> wrote:

Hi all,

As readers of the list know, SANS recently announced a certification scheme for secure programming.  Many vendors and 
consultants jumped on the bandwagon.  I'm not so sure the bandwagon is going anywhere.  I explain why in my latest 
darkreading column:

http://www.darkreading.com/document.asp?doc_id=123606

What do you think?  Can we test someone's software security knowledge with a multiple choice test?  Anybody seen the 
body of knowledge behind the test?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________




-- 
Johan Peeters
http://johanpeeters.com
Previous By Date Next
Previous By Thread Next

Current thread: