The International Information Systems Security Certification Consortium [(ISC)²] is a not-for-profit global organisation that educates and certifies information security professionals. Founded in 1989 and based in Florida, US, (ISC)² has certified more than 60,000 information security professionals in 138 countries.

The CSSLP aims to validate secure software development practices and expertise to address the increasing number of vulnerabilities. Launched on 25 September, the experience assessment phase is available to those who have four years of professional experience in the software development lifecycle (SDLC) and can demonstrate and document their expertise in at least four of the seven CSSLP domains. The first CSSLP exam is scheduled for the end of June next year.

"We are very pleased by the reaction we have received thus far from veteran software development professionals who are providing their expertise in the development of the CSSLP," said W. Hord Tipton, executive director for (ISC)². "The fact that we have received responses from so many countries around the world underscores the notion that the problem of secure software is truly a global issue."

100 initial applicants

Applications for the CSSLP were received from Austria, Canada, China, France, Hong Kong, India, Ireland, Italy, Japan, Luxembourg, Puerto Rico, South Africa, South Korea, Sweden, Switzerland, the United Kingdom and the United States.

The first three individuals to attain the CSSLP certification for their early contributions were Jim Molini, senior programme manager, identity and security division, Microsoft; Mano Paul, founder, Express Certifications and former senior global security programme manager, Dell; and Cassio Goldschmidt, senior manager, product security, Symantec.

"These three individuals have been instrumental in forming this critical new credential and represent the type of accomplished individuals in the software community who are expressing such strong interest in the CSSLP," said Tipton.

Designed to stem the proliferation of security vulnerabilities resulting from inadequate development processes, the CSSLP establishes best practices and validates an individual's competency in addressing security issues throughout the SDLC. Code-language neutral, it is applicable to anyone involved in the SDLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.

The seven domains of the CSSLP are Secure Software Concepts, Secure Software Requirements, Secure Software Design, Secure Software Implementation/Coding, Secure Software Testing, Software Acceptance, Software Deployment, Operations, and Maintenance and Disposal.

The experience assessment opportunity runs through 31 March 2009. More details can be found at www.isc2.org/csslp-assessment.aspx.