Certified Secure Software Lifecycle Professional aims to stem proliferation of security vulnerabilities resulting from insufficient development processes

April 23, 2009

PRESS RELEASE

SAN FRANCISCO --(Business Wire)-- Apr 21, 2009 -- (ISC)² ("ISC-squared"), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, today announced that registration is now open for classes and exams for its Certified Secure Software Lifecycle Professional (CSSLP) at http://www.isc2.org/certification-register-now.aspx.

The CSSLP aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual's competency in addressing security issues throughout the software lifecycle (SLC). Code-language neutral, it will be applicable to those involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.

To be eligible for the certification, CSSLP candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor's degree (or regional equivalent) in an IT discipline.

The CSSLP CBK, a compendium of software development topics, covers seven domains:

  • Secure Software Concepts - security implications in software development

  • Secure Software Requirements - capturing security requirements in the requirements gathering phase

  • Secure Software Design - translating security requirements into application design elements

  • Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation

  • Secure Software Testing - integrated QA testing for security functionality and resiliency to attack

  • Software Acceptance - security implication in the software acceptance phase

  • Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software

The first open exams will be offered beginning June 30, 2009 and will be administered at any location where (ISC)² offers its certification exams around the world. For a list of exam locations and dates, please visit https://webportal.isc2.org/Custom/ExamsSearch.aspx.

CSSLP CBK education courses have been scheduled for the following dates and U.S. cities:

  • May 4-8 - Seattle, Wash.

  • May 11-15 - San Antonio, Texas

  • May 18-22 - Orlando, Fla.

  • June 15-19 - Ashburn, Va.

Additional course dates in July through the end of 2009 are in the process of being scheduled. For more information on the CSSLP and associated course offerings, please visit www.isc2.org/csslp.

The exam and education materials were created by secure software professionals who met experience and other requirements to contribute to the exam development process and other program development tasks. A six-month experience assessment process, which closed March 31, 2009, attracted nearly 1,000 applicants from 50 countries, 505 of whom have qualified for and earned the CSSLP to date.

"The fact that we have received such a tremendous response during the experience assessment is a strong indication that organizations and individuals are recognizing the urgent need to tackle the escalating problem of unsecured software and that secure software development is a top priority in today's environment," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)². "The CSSLP is a solid first step toward making security a concern and a component in every aspect of the lifecycle of software development and benefits organizations, governments, citizens and professionals alike."

Tipton will moderate a related panel titled "Professionalizing the Security of Software Development" at the RSA Conference 2009 this Thursday, April 23 at 8 a.m. in the Moscone Center, Purple Room 305 (session code: PROF-301). Panelists include Alan Paller, director of research for the SANS Institute; Steven Lipner, CISSP, senior director of security engineering at Microsoft; and Hart Rossman, vice president, CTO Cyber Programs and chief security technologist, SAIC.

About (ISC)²

The International Information Systems Security Certification Consortium, Inc. [(ISC)²] is the globally recognized Gold Standard for certifying information security professionals. Celebrating its 20th anniversary, (ISC)² has now certified over 60,000 information security professionals in more than 130 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)² issues the Certified Information Systems Security Professional (CISSP) and related concentrations, Certified Secure Software Lifecycle Professional (CSSLP), Certification and Accreditation Professional (CAP), and Systems Security Certified Practitioner (SSCP) credentials to those meeting necessary competency requirements. (ISC)²'s CISSP and related concentrations, CAP, and the SSCP certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)²'s CBK, a compendium of information security topics, and is responsible for the (ISC)² Global Information Security Workforce Study. More information is available at www.isc2.org.
