
What is Certified Secure Software Lifecycle Professional?

Certified Secure Software Lifecycle Professional (CSSLP) is a new vendor-neutral application security certification governed by the non-profit International Information Systems Security Certification Consortium (commonly known as (ISC)²), intended to validate knowledge of secure software development and best practices. As of October 10, 2008, (ISC)² has reported certifying 61,763 information security professionals in 133 countries. A range of organizations have expressed their support for the CSSLP, including Microsoft, Symantec, Cisco, SANS, DSCI (NASSCOM), SRA International, Software Assurance Forum for Excellence in Code (SAFECode), Xerox, ISSA, BASDA (Business Application Software Developers’ Association), and Frost & Sullivan.

Scope of CSSLP Certification

It is no secret that security is not being addressed from a holistic perspective throughout the software lifecycle. Some 80% of all security breaches are application-related, equating to more than 226,000,000 records being disclosed and fines reaching massive amounts.

The following domains make up the CSSLP CBK, which centers on the need for building security into the SDLC:

  1. Software Concepts - security implications in software development
  2. Software Requirements - capturing security requirements in the requirements gathering phase
  3. Software Design - translating security requirements into application design elements
  4. Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
  5. Software Testing - integrated QA testing for security functionality and resiliency to attack
  6. Acceptance - security implications in the software acceptance phase
  7. Deployment, Operations, Maintenance and Disposal - security issues around steady-state operations and management of software

Why do I need to Certify?

There are no guarantees that the software we all rely on is secure. A growing number of global organizations and experts consider the enterprise to be at particular risk because the applications being accessed on a laptop could be entry points for a possible hack or bug. The Gartner Group estimates that over 70% of security vulnerabilities exist at the application layer.

Benefits of Certification to the Professional

A broad range of respected organizations have expressed their support for the CSSLP and are sending their eligible software staff through the training and examination process.

Benefits of Certification to the Enterprise

Because security is often “bolted on” at the end of the SLC as a response to a threat or after an exposure, higher production costs and delays can ensue. Proper education and certification are far less expensive than hiring more employees to fix problems.
