Certifications for secure coding
- By William Jackson
- Oct 15, 2007
Twenty-three certificates for secure programming have been awarded in the first round of GIAC Secure Software Programmers exams offered by the SANS Institute.
The exams were developed by SANS with the cooperation of a number of international industry and U.S. government organizations, including the U.S. Computer Emergency Readiness Team, to test the ability of programmers to produce secure code free from the most common errors that create security vulnerabilities.
The program is a response to a growing but unmet need for training in secure programming, said Alan Paller, director of research at SANS.
'Colleges are not including secure coding in their core programming courses,' Paller said. 'You couldn't talk them into it. We have to give them a clear demand.'
The program is intended not only to test programming skills but also to demonstrate to universities and colleges a demand on the part of government and employers for secure programmers. The first round of exams was held in Washington in August and drew 42 people. Of those, seven earned GSSP certification in the C programming language and 16 in Java.
The 42 participants are a drop in the bucket of the millions of programmers who conceivably could benefit from the program, but Paller was enthusiastic about the initial response. This is the first certification program offered by SANS that began with the exam rather than with courses to teach the basic skills needed for certification. Courses are being developed for the program. Large corporations and government agencies can get access to an online version of the GSSP exam for in-house testing.
Efforts to bring universities into the fold are beginning to bear fruit. SANS has announced a partnership program with the University of North Carolina - Charlotte in which the school will begin including secure programming in its computer science courses. It also will become a regional testing center, and students will receive steep discounts for the certification program, which now costs $499, and participate in developing SANS workshops on secure coding for college faculty.
The next round of certification exams in 18 cities worldwide is scheduled for December, beginning with a Dec. 2 test at Walt Disney World in Orlando, Fla. A second test is scheduled for Dec. 12 in Washington at the Wardman Park Marriott Hotel. More information about upcoming exams is available here
William Jackson is a Maryland-based freelance writer.