Secure Coding mailing list archives

Darkreading: Secure Coding Certification


From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 14 May 2007 13:24:15 -0400 (EDT)


On Mon, 14 May 2007, McGovern, James F (HTSC, IT) wrote:

> 1. ONLY consultants and vendors have jumped on the bandwagon. Other IT
> professionals such as those who work in large enterprises have no
> motivation to pursue.

"Only" vendors have jumped on the bandwagon?  The software developers are
the ones we WANT jumping on the bandwagon.

But it's not just those two.  The initial announcement of these exams
featured representatives from several large US government organizations
who said "they need this."  Other major US organizations need this and
want this, but they aren't saying so publicly.  SANS did a survey of over
300 organizations that included a lot of software consumers.

> 3. It needs to be more language agnostic. Folks who code in Smalltalk,
> Ruby or scripting languages should not be treated as second class
> citizens

The current tests are designed to handle specific skills in specific,
prominent languages.  Other tests might come out as a result of demand.

> 4. I would not measure "experience" but desire to pursue knowledge.

This would be great, but I'm not sure how you could actually test it.

- Steve

