ISC², an information security training firm, has announced it will offer a new security certification for software professionals starting next June. The certification will be aimed at reducing the number of vulnerabilities in software applications to help cut down on hackers gaining access to systems. ISC² said its certification program will establish best practices, and will validate an individual's competency in addressing security issues that occur during the life cycle of software development and use.
"Often, coders focus on enabling that cool application that is robust and innovative, but not necessarily secure," said Howard Schmidt, an ISC² board member.
The certification will address seven stages of software development: conceptualization; definition of requirements; design; implementation and coding; testing; acceptance; and deployment, operations, maintenance and disposal. Subject areas covered will include vulnerabilities, risk, information security fundamentals and compliance.
"This is no longer a world where you build software and patch vulnerabilities as they're detected," Schmidt said. "The bad guys are working harder, and we have to do better to ensure vulnerabilities don't exist in the first place."
For more on this security debate, see this nextgov.com article [1].
Links:
[1] http://www.nextgov.com/nextgov/ng_20080924_9727.php