The CSSLP aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual's competency in addressing security issues throughout the software lifecycle (SLC). Code-language neutral, it will be applicable to those involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.
To be eligible for the certification, CSSLP candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor's degree (or regional equivalent) in an IT discipline.
The CSSLP CBK', a compendium of software development topics, covers seven domains:
The first open exams will be offered beginning June 30, 2009 and will be administered at any location where (ISC)2 offers its certification exams around the world. For a list of exam locations and dates, please visit https://webportal.isc2.org/Custom/ExamsSearch.aspx.
CSSLP CBK education courses have been scheduled for the following dates and U.S. cities:
May 4-8 " Seattle, Wash. May 11-15 " San Antonio, Texas May 18-22 " Orlando, Fla. June 15-19 " Ashburn, Va. Additional course dates in July through the end of 2009 are in the process of being scheduled. For more information on the CSSLP and associated course offerings, please visit www.isc2.org/csslp.
The exam and education materials were created by secure software professionals who met experience and other requirements to contribute to the exam development process and other program development tasks. A six-month experience assessment process, which closed March 31, 2009, attracted nearly 1,000 applicants from 50 countries, 505 of which have qualified for and earned the CSSLP to date.
"The fact that we have received such a tremendous response during the experience assessment is a strong indication that organizations and individuals are recognizing the urgent need to tackle the escalating problem of unsecured software and that secure software development is a top priority in today's environment," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)2. "The CSSLP is a solid first step toward making security a concern and a component in every aspect of the lifecycle of software development and benefits organizations, governments, citizens and professionals alike."
Tipton will moderate a related panel titled "Professionalizing the Security of Software Development" at the RSA Conference 2009 this Thursday, April 23 at 8 a.m. in the Moscone Center, Purple Room 305 (session code: PROF-301). Panelists include Alan Paller, director of research for the SANS Institute; Steven Lipner, CISSP, senior director of security engineering at Microsoft; and Hart Rossman, vice president, CTO Cyber Programs and chief security technologist, SAIC.
The International Information Systems Security Certification Consortium, Inc. [(ISC)2'] is the globally recognized Gold Standard for certifying information security professionals. Celebrating its 20th anniversary, (ISC) has now certified over 60,000 information security professionals in more than 130 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP') and related concentrations, Certified Secure Software Lifecycle Professional (CSSLPCM), Certification and Accreditation Professional (CAP'), and Systems Security Certified Practitioner (SSCP') credentials to those meeting necessary competency requirements. (ISC) CISSP and related concentrations, CAP, and the SSCP certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC) also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2's CBK', a compendium of information security topics, and is responsible for the (ISC) Global Information Security Workforce Study. More information is available at www.isc2.org.