Test the Safety Smarts of Your Developers
How solidly does your development staff write its code? A new testing process could help.
The exams will cover C/C++, Java/J2SE, Perl/PHP and .Net/ASP, according to SANS, which runs a computer security training institute. A pilot exam program will start in August in Washington, D.C., and the program will be extended worldwide by year's end.
The exams can identify gaps in a programmer's training, then eventually enable developers to gain GIAC Secure Software Programmer (GSSP) status through the Global Information Assurance Certification (GIAC) program, part of SANS.
The program arose from grassroots need: The IT industry has told SANS it doesn't know how well its programmers write secure code, says Steven Crofts, director of vendor and media programs at SANS. "This is the first large-scale attempt to validate if the people inside an organization know what they are doing," Crofts says.
Web applications, such as those used for e-commerce, are one area where programmers often need added training on the security implications of some programming language features, according to Johannes Ullrich, chief technical officer of the Internet Storm Center, a part of SANS that monitors security vulnerabilities and the Internet’s health.



