Secure Coding mailing list archives

more relevant certifications


From: goertzel_karen at bah.com (Goertzel, Karen [USA])
Date: Fri, 20 Mar 2009 14:21:57 -0400

I would refer you to Section 7.2.2.2, Professional Certifications, starting on page 272 of "Software Security 
Assurance: A State-of-the-Art Report" which can be downloaded from: http://iac.dtic.mil/iatac/download/security.pdf

The report was published in July 2007; there may be additional certifications that have become available since then.

--
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.698.7454
goertzel_karen at bah.com




-----Original Message-----
From: sc-l-bounces at securecoding.org on behalf of SC-L Reader Dave Aronson
Sent: Fri 20-Mar-09 09:59
To: Secure Coding
Subject: [SC-L] more relevant certifications
 
Paco Hope <Paco at cigital.com> wrote:

just as overly-simplistic as
someone who disparages all credentials equally.

On that note... my company (BAE Systems) has been pushing for people
to become CISSPs, because in turn the main client (US gov) has been
pushing for contractors to have a bunch of CISSPs on the projects.
But, it seems as though that cert is very heavily loaded down with
things that front-line grunts like me will NEVER use.  I doubt I'll
ever get to decide where a data center is located, let alone the
entire building, nor what kind of fire detection/suppression or
physical security systems it has, and I can probably forget about
dictating HR policy as well.

So, I was considering other certs, that seem much more relevant.  The
main relevant one I've heard of is the GSSP (GIAC Secure Software
Programmer).

1) What do y'all think of that one?

2) It looked to me as though, other than perhaps from buying books,
there is one and only one GSSP practice exam, and it can be taken only
once.  Am I wrong?  Do you know of any others available for free,
preferably to be taken online?

3) Have you heard of any other certs relevant for those of us who
mainly design and implement computer-based systems, which will usually
undergo security scrutiny, and usually have little to no say about all
the other stuff around it?  (Preferably not technology-specific, as
opposed to for example a "Secure Java" or "Secure Web-Apps" cert.)
Compare and contrast, as the teachers would say....

Thanks,
Dave

-- 
Dave Aronson: Have Pun, Will Babble | Work: davearonson.com | /\ ASCII
------------------------------------| Play: davearonson.net | \/ Ribbon
"Specialization is for insects."    | Life: dare2xl.com     | /\ Campaign
-Robert A. Heinlein                 | Wife: nasjleti.net    | Email<>Web
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

